Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
B-141
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Host Data Structures
Full Host Profile Data Block 5.1.1
The Full Host Profile data block for version 5.1.1 contains a full set of data describing one host. It has
the format shown in the graphic below and explained in the following table. Note that, except for List
data blocks, the graphic does not show the fields of the encapsulated data blocks. These encapsulated
data blocks are described separately in
the format shown in the graphic below and explained in the following table. Note that, except for List
data blocks, the graphic does not show the fields of the encapsulated data blocks. These encapsulated
data blocks are described separately in
. The Full Host Profile data block a block type value of 135. It deprecates data block 111.
Note
An asterisk(*) next to a block name in the following diagram indicates that multiple instances of the data
block may occur.
block may occur.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic List data block, including the list
header and all encapsulated data blocks.
header and all encapsulated data blocks.
(Third
Party/VDB) Host
Vulnerability
Data Blocks *
Party/VDB) Host
Vulnerability
Data Blocks *
variable
Host Vulnerability data blocks sourced from a third party scanner and
containing information about host vulnerabilities cataloged in the
Cisco vulnerability database (VDB). See
containing information about host vulnerabilities cataloged in the
Cisco vulnerability database (VDB). See
for a description of this data block.
Generic List
Block Type
Block Type
uint32
Initiates a Generic List data block comprising Host Vulnerability data
blocks conveying third party scan vulnerability data. This value is
always
blocks conveying third party scan vulnerability data. This value is
always
31
.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic List data block, including the list
header and all encapsulated data blocks.
header and all encapsulated data blocks.
(Third Party
Scan) Host
Vulnerability
Data Blocks *
Scan) Host
Vulnerability
Data Blocks *
variable
Host Vulnerability data blocks sourced from a third party scanner.
Note that the host vulnerability IDs for these data blocks are the third
party scanner IDs, not Cisco-detected IDs. See
Note that the host vulnerability IDs for these data blocks are the third
party scanner IDs, not Cisco-detected IDs. See
for a description of this data block.
List Block Type
uint32
Initiates a List data block comprising Attribute Value data blocks
conveying attribute data. This value is always
conveying attribute data. This value is always
11
.
List Block
Length
Length
uint32
Number of bytes in the List data block, including the list header and
all encapsulated data blocks.
all encapsulated data blocks.
Attribute Value
Data Blocks *
Data Blocks *
variable
List of Attribute Value data blocks. See
for a description of the data blocks in this list.
Table B-31
Full Host Profile Record 5.0 - 5.0.2 Fields (continued)
Field
Data Type
Description
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Full Host Profile Data Block (135)
Data Block Length
IP Address