Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
4-33
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
The following table describes the discovery event header.
Discovery
Event Header
Device ID
Legacy IP Address
MAC Address
MAC Address, continued
Has IPv6
Reserved for future
use
Event Second
Event Microsecond
Event Type
Event Subtype
File Number (Internal Use Only)
File Position (Internal Use Only)
IPv6 Address
IPv6 Address, continued
IPv6 Address, continued
IPv6 Address, continued
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Table 4-25
Discovery Event Header Fields
Field
Data Types
Description
Device ID
uint32
ID number of the device that generated the discovery event. You
can obtain the metadata for the device by requesting Version 3
and 4 metadata. See
can obtain the metadata for the device by requesting Version 3
and 4 metadata. See
for more information.
Legacy IP Address
uint32
This field is reserved but no longer populated. The IPv4 address
is stored in the IPv6 Address field. See
is stored in the IPv6 Address field. See
for
more information.
MAC Address
uint8[6]
MAC address of the host involved in the event.
Has IPv6
uint8
Flag indicating that the host has an IPv6 address.
Reserved for future
use
use
uint8
Reserved for future use
Event Second
uint32
UNIX timestamp (seconds since 01/01/1970) that the system
generated the event.
generated the event.