Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
User Protocol List Data Block Fields (Continued)

Field | Number of Bytes | Description
Source ID | uint32 | Identification number that maps to the source of the affected protocols. Depending on the source type, this may map to RNA, a user, a scanner, or a third-party application.
Generic List Block Type | uint32 | Initiates a Generic List data block. This value is always 31.
Generic List Block Length | uint32 | Number of bytes in the Generic List block and encapsulated data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated data blocks.
User Protocol Data Blocks | variable | Encapsulated User Protocol data blocks up to the maximum number of bytes in the list block length.

Host Vulnerability Data Block 4.9.0+
The Host Vulnerability data block conveys vulnerabilities that apply to a host. Each Host Vulnerability data block describes one vulnerability for a host in an event. Host Vulnerability data blocks appear in the Full Host Profile, Full Host Server, and Full Sub-Server data blocks. The Host Vulnerability data block has a block type of 85 in the series 1 group of blocks.
The following diagram shows the format of the Host Vulnerability data block:
Byte | 0 | 1 | 2 | 3
Bit | 0-7 | 8-15 | 16-23 | 24-31
Host Vulnerability Block Type (85)
Host Vulnerability Block Length
Host Vulnerability ID
Invalid Flags | Type
Type (cont.)
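The length rules described above (a Generic List Block Length that counts its own eight header bytes, and Host Vulnerability blocks that begin with block type 85, a block length, and an ID) can be enforced with a bounds-checked parser. This is an added example, not code from the guide. It assumes network byte order, that each encapsulated block's length also counts its own eight-byte header, and that the type-85 blocks arrive inside a Generic List; the sample bytes are constructed.

```python
import struct

GENERIC_LIST = 31        # Generic List block type (from the guide)
HOST_VULNERABILITY = 85  # Host Vulnerability block type, series 1 (from the guide)
HEADER = struct.Struct(">II")  # block type, block length; big-endian is an assumption

class BlockError(ValueError):
    """Raised when a length field disagrees with the bytes actually received."""

def read_header(buf, offset, limit):
    """Return (block_type, end_offset) for the block at offset, never reading past limit."""
    if limit - offset < HEADER.size:
        raise BlockError(f"truncated header at offset {offset}")
    block_type, length = HEADER.unpack_from(buf, offset)
    # Assumption: length counts the eight header bytes, as stated for the Generic List.
    if length < HEADER.size or offset + length > limit:
        raise BlockError(f"block length {length} at offset {offset} is out of bounds")
    return block_type, offset + length

def walk_generic_list(buf):
    """Yield (block_type, payload) for each block encapsulated in a Generic List."""
    list_type, list_end = read_header(buf, 0, len(buf))
    if list_type != GENERIC_LIST:
        raise BlockError(f"expected block type 31, got {list_type}")
    offset = HEADER.size
    while offset < list_end:
        # Inner blocks are bounded by the list length, not by the buffer length.
        block_type, end = read_header(buf, offset, list_end)
        yield block_type, bytes(buf[offset + HEADER.size:end])
        offset = end

def host_vulnerability_ids(buf):
    """Collect the Host Vulnerability ID (first uint32 after the header) of type-85 blocks."""
    ids = []
    for block_type, payload in walk_generic_list(buf):
        if block_type == HOST_VULNERABILITY:
            if len(payload) < 4:
                raise BlockError("Host Vulnerability block too short for its ID")
            ids.append(struct.unpack_from(">I", payload)[0])
    return ids

def make_block(block_type, payload):
    """Build a constructed sample block: eight-byte header plus payload."""
    return HEADER.pack(block_type, HEADER.size + len(payload)) + payload

# Constructed sample: two type-85 blocks; bytes after the ID are filler, not real field values.
SAMPLE = make_block(GENERIC_LIST,
                    make_block(85, struct.pack(">I", 1001) + bytes(5))
                    + make_block(85, struct.pack(">I", 2002) + bytes(5)))
```

Rejecting a block length below eight also prevents a zero-length block from stalling the loop.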