Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

287

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

User Criticality Change Data Block 4.7+

The User Criticality data block is used to contain a list of IP address range 

specifications for hosts where the host criticality changed, the identification 

number for the user who updated the criticality value, information about the 

source that supplied the criticality value, and the criticality value. The User 

Criticality data block has a block type of 81 in the series 1 group of blocks. 

Changes from the previous User Criticality data block include a new source type 

field and the use of the Generic list data block instead of the List data block to 

store IP addresses. 
The User Criticality data block is used in user set host criticality messages as 

documented in 

The following diagram shows the basic structure of a User Criticality data block:

Generic List 

Block Length

uint32

Number of bytes in the Generic List block and 

encapsulated data blocks. This number includes 

the eight bytes of the generic list block header 

fields, plus the number of bytes in all of the 

encapsulated data blocks.

User 

Vulnerability 

Data Blocks

variable

Encapsulated User Vulnerability data blocks up to 

the maximum number of bytes in the list block 

length. For more information, see 

or 

User Vulnerability Change Data Block Fields (Continued)

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

User Criticality Data Block Type (81)

User Criticality Block Length