Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
The List Data Fields table describes the fields of the List data block.

List Data Fields

| Field | Data Type | Description |
| --- | --- | --- |
| Block Type | uint32 | Initiates a List data block. This value is always 2. |
| Block Length | uint32 | Number of bytes in the List block and encapsulated data. For example, if there were three Sub-Server data blocks included in the list, the value here would include the total number of bytes in the Sub-Server blocks, plus eight bytes for the List block header. |
| Encapsulated Data Blocks | variable | Encapsulated data blocks up to the maximum number of bytes in the list block length. |

Generic List Data Block

The eStreamer service uses the Generic List data block to encapsulate a list of data blocks. For example, the Host Profile data block contains information about multiple client applications and uses the Generic List block to embed a list of Client Application data blocks in the message. The Generic List data block has a block type of 3 in the series 2 group of blocks.

The following diagram shows the basic structure of a Generic List data block:

| Bytes 0 through 3 (bits 0 through 31) |
| --- |
| Data Block Type (3) |
| Data Block Length |
| Encapsulated Data Blocks... |
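
A bounds-checked reader for this layout, added here as an example and not taken from the eStreamer guide or from Cisco code. It assumes big-endian (network order) fields, that every encapsulated block starts with the same type/length header, and that the length counts the eight header bytes as described for the List block; `MAX_DEPTH`, `BlockError`, and block type 9999 are hypothetical.

```python
import struct

HEADER = struct.Struct(">II")  # block type, block length; big-endian is an assumption
LIST_TYPE, GENERIC_LIST_TYPE = 2, 3
MAX_DEPTH = 8                  # hypothetical cap on list nesting


class BlockError(ValueError):
    """A length field does not fit the bytes actually available."""


def read_block(buf, offset, limit):
    """Return (block_type, payload_start, block_end) for the block at offset."""
    if limit - offset < HEADER.size:
        raise BlockError(f"truncated header at offset {offset}")
    block_type, length = HEADER.unpack_from(buf, offset)
    if length < HEADER.size:  # also stops a zero length from looping forever
        raise BlockError(f"length {length} is smaller than the 8-byte header")
    if length > limit - offset:
        raise BlockError(f"length {length} overruns the enclosing block")
    return block_type, offset + HEADER.size, offset + length


def parse_list(buf, offset=0, limit=None, depth=0):
    """Parse a List or Generic List block into a (type, [children]) tuple."""
    limit = len(buf) if limit is None else limit
    if depth > MAX_DEPTH:
        raise BlockError("list nesting too deep")
    block_type, pos, end = read_block(buf, offset, limit)
    if block_type not in (LIST_TYPE, GENERIC_LIST_TYPE):
        raise BlockError(f"block type {block_type} is not a list block")
    children = []
    while pos < end:  # each child is bounded by the parent's end, not the buffer
        child_type, child_pos, child_end = read_block(buf, pos, end)
        if child_type in (LIST_TYPE, GENERIC_LIST_TYPE):
            children.append(parse_list(buf, pos, end, depth + 1))
        else:
            children.append((child_type, bytes(buf[child_pos:child_end])))
        pos = child_end
    return block_type, children


def block(block_type, payload=b""):
    """Build a constructed sample block; length includes the header."""
    return HEADER.pack(block_type, HEADER.size + len(payload)) + payload


# Constructed sample: a Generic List holding two blocks of made-up type 9999.
SAMPLE = block(GENERIC_LIST_TYPE, block(9999, b"\x00\x01") + block(9999, b"abc"))
```

Checking each child length against the parent's end rather than the end of the receive buffer keeps a crafted inner length from reading into whatever follows the list in the message.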