Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Host Client Application Data Block for 4.9.1 - 4.10.x
The Client Application data block for 4.9.1 - 4.10.x describes a client application 
and is used within New Client Application events (event type 1001, subtype 7) 
and Client Application Timeout events (event type 1001, subtype 20). The Client 
Application data block for 4.9.1 - 4.10.x has a block type of 100. Its successor, 
introduced for 5.0+, has a block type of 122.
The following diagram shows the basic structure of a Client Application data 
block:
Client Application Data Block 3.5 - 4.9.0.x Fields (Continued)

| Field | Data Type | Description |
| --- | --- | --- |
| Hits | uint32 | Number of times the system has detected the client application in use. |
| Last Used | uint32 | UNIX timestamp that represents the last time the system detected the client in use. |
| Type ID | uint32 | Identification number of the detected client application type, if applicable. |
| ID | uint32 | Identification number of the detected client application, if applicable. |
| String Block Type | uint32 | Initiates a String data block for the client application version. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the String data block for the client application name, including eight bytes for the string block type and length plus the number of bytes in the client application version. |
| Version | string | Client application version. |
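The table rows above (Hits through Version), read with a bounds-checked parser that refuses a String Block Length the buffer cannot back. This is an added example, not code from the guide; it assumes the fields are contiguous in table order, that every uint32 is big-endian, and that the version is UTF-8 text. `parse_client_app_tail`, `build_sample` and the sample values are hypothetical.

```python
import struct

FIXED = struct.Struct(">IIII")       # Hits, Last Used, Type ID, ID
STRING_HDR = struct.Struct(">II")    # String Block Type, String Block Length

class BlockError(ValueError):
    """Raised when the bytes do not match the layout in the table."""

def parse_client_app_tail(buf: bytes) -> dict:
    """Parse Hits .. Version; byte order and contiguity are assumptions."""
    if len(buf) < FIXED.size + STRING_HDR.size:
        raise BlockError(f"truncated: only {len(buf)} bytes")
    hits, last_used, type_id, app_id = FIXED.unpack_from(buf, 0)
    str_type, str_len = STRING_HDR.unpack_from(buf, FIXED.size)
    if str_type != 0:
        raise BlockError(f"string block type {str_type}, expected 0")
    # The length counts its own eight header bytes, so a value below 8
    # would produce a negative payload size.
    if str_len < STRING_HDR.size:
        raise BlockError(f"string block length {str_len} is below 8")
    start = FIXED.size + STRING_HDR.size
    end = FIXED.size + str_len
    if end > len(buf):
        raise BlockError(f"string block claims {str_len} bytes, buffer too short")
    # Encoding is an assumption; undecodable bytes are replaced, not trusted.
    version = buf[start:end].decode("utf-8", errors="replace")
    return {"hits": hits, "last_used": last_used, "type_id": type_id,
            "id": app_id, "version": version, "consumed": end}

def build_sample(version: bytes, claimed_len=None) -> bytes:
    """Constructed sample bytes for the demo (not captured traffic)."""
    length = 8 + len(version) if claimed_len is None else claimed_len
    return struct.pack(">IIIIII", 42, 1300000000, 2, 638, 0, length) + version

if __name__ == "__main__":
    print(parse_client_app_tail(build_sample(b"3.6.13")))
    for bad in (build_sample(b"3.6.13", 4096), build_sample(b"x", 3)):
        try:
            parse_client_app_tail(bad)
        except BlockError as exc:
            print("rejected:", exc)
```

The `consumed` value tells the caller where the next field starts, so a malformed length cannot shift the parse of whatever follows.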
Byte   0        1        2        3
Bit    0-7      8-15     16-23    24-31
       Client Application Block Type (100)
       Client Application Block Length
       Hits
       Last Used