Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

B-60

FireSIGHT eStreamer Integration Guide

Appendix B Understanding Legacy Data Structures

Legacy Discovery Data Structures

Legacy Scan Result Data Blocks

For more information, see the following sections:

•

Scan Result Data Block 5.0 - 5.1.1.x, page B-60

•

User Product Data Block for 5.0.x, page B-62

Scan Result Data Block 5.0 - 5.1.1.x

The Scan Result data block describes a vulnerability and is used within Add Scan Result events (event
type 1002, subtype 11). The Scan Result data block has a block type of 102.

The following diagram shows the format of a Scan Result data block:

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Scan Result Block Type (102)

Scan Result Block Length

User ID

Scan Type

IP Address

Port

Protocol

Flag

List Block Type (11)

Scan

Vulnerability

List

List Block Type (11)

List Block Length

Vulnerability

List

List Block Length

Scan Vulnerability Block Type (109)

Scan Vulnerability Block Length

Vulnerability Data...

List Block Type (11)

Generic Scan

Results List

List Block Length

Scan Results

List

Generic Scan Results Block Type (108)

Generic Scan Results Block Length

Generic Scan Results...