Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

206

Understanding Discovery & Connection Data Structures

Metadata for Discovery Events

Chapter 4

New Host and Host Last Seen Messages

New Host and Host Last Seen event messages have a standard discovery event

header and a Host Profile data block (as documented in

Host Profile Data Block

for 5.2+

on page 343).

Note that the Host Last Seen message includes server information only for

servers on the host that have changed within the Update Interval set in the

discovery detection policy. In other words, only servers that have changed since

the system last reported information will be included in the Host Last Seen

message.

IMPORTANT!

The Host Profile data block differs depending on which system

version created the message. For information on legacy versions of the Host

Profile data block, see

Legacy Host Data Structures

on page 656.

Server Messages

The following TCP and UDP server event messages have a standard discovery

event header (as documented in

Discovery Event Header 5.2+

on page 198)

followed by a Server data block (as documented in

Host Server Data Block

4.10.0+

on page 312):

•

New TCP Server

•

New UDP Server

•

TCP Server Information Update

•

UDP Server Information Update

•

TCP Server Confidence Update

•

UDP Server Confidence Update

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Discovery Event Header

Host Profile Data Block