Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

The following table explains the message fields.

eStreamer responds to host requests by sending host data messages, each with a full host profile data 
block. eStreamer sends one host data message for each host specified in the request. eStreamer uses the 
type 6 message to respond to requests for a single host profile, and uses the type 7 message to respond 
to requests for multiple hosts. The formats of the type 6 and type 7 messages are identical, only the 
message type is different.

Flags

Start IP Address

End IP Address

Data Type

uint32

Requests data for a single host or multiple hosts, using the following codes:

0

 — version 3.5 - 4.6 for a single host.

1

 — version 3.5 - 4.6 for multiple hosts (uses block 34).

2

 — version 4.7 - 4.8 for a single host (uses block 47).

3

 — version 4.7 - 4.8 for multiple hosts (uses block 47).

4

 — version 4.9 - 4.10 for a single host (uses block 92).

5

 — version 4.9 - 4.10 for multiple hosts (uses block 92).

6

 — version 5.0+ data for a single host (uses block 111, see 

7

 — version 5.0+ data for multiple hosts (uses block 111, see 

Flags

32-bit 
field

0x00000001

 — Causes the Notes field of the host profile to be populated 

(with user-defined information about the host stored in the FireSIGHT 
System).

0x00000002

 — Causes the Banner field of the service block to be 

populated (with the first 256 bytes of the first packet detected for the 
service). Banners are disabled by default and available only if 
configured.

Start IP 
Address

uint8[4]

IP address of the host whose data should be returned (if request is for a single 
host), or the starting address in an IP address range (if request is for multiple 
hosts). Specify the address in IP address octets.

End IP 
Address

uint8[4]

Ending address in an IP address range (if request is for multiple hosts), or the 
Start IP Address value (if request is for single host).