Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
189
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Web Application Record
The system detects the content of HTTP traffic from websites, if available. Web 
application metadata for a host discovery event may include the specific type of 
content (for example, WMV or QuickTime).
The eStreamer service transmits the web application metadata for an event 
within a Web Application record, the format of which is shown below. (Web 
application metadata is sent when one of the metadata flags—bits 1, 14, 15, or 
20 in the Request Flags field of a request message—is set. See 
page 30.) Note that the Record Type field, which appears after the Message 
Length field, has a value of 109, indicating a Web Application record.
The 
 table describes the fields in the Web 
Application record.
User Record Fields

FIELD        DATA TYPE  DESCRIPTION
User ID      uint32     The ID string for the user.
Protocol     uint32     The protocol for the traffic where the user was detected.
Name Length  uint32     The number of bytes included in the user name.
Name         string     The name of the user.
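 Byte 0       Byte 1       Byte 2       Byte 3
 Bits 0-7     Bits 8-15    Bits 16-23   Bits 24-31
+-------------------------+-------------------------+
| Header Version (1)      | Message Type (4)        |
+-------------------------+-------------------------+
| Message Length                                    |
+---------------------------------------------------+
| Record Type (109)                                 |
+---------------------------------------------------+
| Record Length                                     |
+---------------------------------------------------+
| Application ID                                    |
+---------------------------------------------------+
| Name Length                                       |
+---------------------------------------------------+
| Name...                                           |
+---------------------------------------------------+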
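
A bounds-checked parser for the Web Application record layout above, as an added example that is not code from the guide or from Cisco. It assumes network byte order, 16-bit Header Version and Message Type fields, 32-bit fields elsewhere, and that Message Length and Record Length each count the bytes following their own 8-byte header; `parse_web_application`, `build_sample` and the sample values are hypothetical.

```python
import struct

HEADER = struct.Struct(">HHI")   # Header Version, Message Type, Message Length
RECORD = struct.Struct(">IIII")  # Record Type, Record Length, Application ID, Name Length
WEB_APP_RECORD = 109             # Record Type value given in the guide


class RecordError(ValueError):
    """Raised when a message does not match the Web Application layout."""


def parse_web_application(buf: bytes) -> dict:
    fixed = HEADER.size + RECORD.size  # 24 bytes precede the name
    if len(buf) < fixed:
        raise RecordError("truncated message")
    version, msg_type, msg_len = HEADER.unpack_from(buf, 0)
    rec_type, rec_len, app_id, name_len = RECORD.unpack_from(buf, HEADER.size)
    if (version, msg_type, rec_type) != (1, 4, WEB_APP_RECORD):
        raise RecordError("not a Web Application record")
    # Assumed semantics: each length counts the bytes after its own 8-byte header.
    if msg_len != len(buf) - HEADER.size or rec_len != msg_len - 8:
        raise RecordError("length fields disagree with the bytes received")
    # Never trust Name Length on its own: it must fit exactly inside the record.
    if name_len != rec_len - 8:
        raise RecordError("Name Length does not match Record Length")
    # Tolerating trailing NUL padding is an assumption, not stated on the page.
    name = buf[fixed:fixed + name_len].rstrip(b"\x00")
    return {"application_id": app_id, "name": name.decode("utf-8", "replace")}


def build_sample(app_id: int, name: bytes) -> bytes:
    """Construct a sample message (constructed data, not a capture)."""
    rec_len = 8 + len(name)  # Application ID + Name Length + name bytes
    return (HEADER.pack(1, 4, 8 + rec_len)
            + RECORD.pack(WEB_APP_RECORD, rec_len, app_id, len(name)) + name)


if __name__ == "__main__":
    print(parse_web_application(build_sample(676, b"YouTube")))
```
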