Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 4
Understanding Discovery & Connection Data Structures
This chapter provides details about the data structures used in eStreamer messages for discovery and connection events, as well as the metadata for those events. Discovery and connection event messages use the same general message format and the same series of data blocks; the differences lie in the contents of the data blocks themselves.
Discovery events include two sub-categories of events:
• Host discovery events, which identify new and changed hosts on your managed network, including the applications running on the hosts (detected from the contents of the packets) and the host vulnerabilities.
• User events, which report the detection of new users and user activity, such as logins.
Connection events report information about the session traffic between your monitored hosts and all other hosts. Connection information includes the first and last packet of the transaction, source and destination IP address, source and destination port, and the number of packets and bytes sent and received. If applicable, connection events also report the client application and URL involved in the session.
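As an added example (not code from the eStreamer Integration Guide or from Cisco), the following Python walks the series of data blocks inside one event message and checks every length field against the bytes actually present before using it. The framing it assumes is the general eStreamer layout that this page only refers to (message header: 2-byte header version, 2-byte message type, 4-byte message length; data block: 4-byte block type, 4-byte block length that includes its own 8 header bytes; all big-endian). The message type and block type numbers in the constructed sample are placeholders, not real eStreamer identifiers, and no attempt is made to interpret block contents.

```python
"""Added example (not from the eStreamer guide): walk the series of data
blocks inside one eStreamer event message.

Assumed framing (the general eStreamer message format, which this page
refers to but does not define):
  message header: header version (2 bytes), message type (2 bytes),
                  message length (4 bytes, length of the payload that follows)
  data block:     block type (4 bytes), block length (4 bytes, includes these
                  8 header bytes), then block data
All integers are big-endian. The message type and block type numbers used
in the sample below are arbitrary placeholders, not real eStreamer values.
"""
import struct

HEADER_FMT = ">HHI"      # header version, message type, message length
BLOCK_HDR_FMT = ">II"    # block type, block length
HEADER_LEN = struct.calcsize(HEADER_FMT)        # 8
BLOCK_HDR_LEN = struct.calcsize(BLOCK_HDR_FMT)  # 8


class MalformedMessage(ValueError):
    """Raised when a length field does not fit the bytes actually present."""


def build_message(message_type, blocks):
    """Encode (block_type, data) pairs into one message; used for sample input."""
    payload = b"".join(
        struct.pack(BLOCK_HDR_FMT, btype, BLOCK_HDR_LEN + len(data)) + data
        for btype, data in blocks
    )
    return struct.pack(HEADER_FMT, 1, message_type, len(payload)) + payload


def parse_message(buf):
    """Return (header_version, message_type, [(block_type, data), ...]).

    Each length is validated before it is trusted, so a truncated or corrupt
    message raises MalformedMessage instead of looping forever (block length
    smaller than its own header) or reading past the buffer (length too big).
    """
    if len(buf) < HEADER_LEN:
        raise MalformedMessage("short message header")
    version, mtype, mlen = struct.unpack_from(HEADER_FMT, buf, 0)
    end = HEADER_LEN + mlen
    if end > len(buf):
        raise MalformedMessage("message length exceeds buffer")
    offset = HEADER_LEN
    blocks = []
    while offset < end:
        if end - offset < BLOCK_HDR_LEN:
            raise MalformedMessage("trailing bytes too short for a block header")
        btype, blen = struct.unpack_from(BLOCK_HDR_FMT, buf, offset)
        if blen < BLOCK_HDR_LEN or offset + blen > end:
            raise MalformedMessage(f"bad block length {blen} at offset {offset}")
        blocks.append((btype, bytes(buf[offset + BLOCK_HDR_LEN:offset + blen])))
        offset += blen
    return version, mtype, blocks


# Constructed sample: one message carrying two placeholder data blocks.
SAMPLE = build_message(4, [(100, b"host-block"), (101, b"user-block")])

if __name__ == "__main__":
    print(parse_message(SAMPLE))
```

The two rejected cases matter in practice: a block length below 8 would otherwise leave the offset unchanged and spin the loop forever, and a block length larger than the remaining payload would let one block's declared size pull bytes from the next message on the stream.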
For information about requesting discovery or connection events from the
eStreamer server, see
For information about the general structure of eStreamer event data messages,
See the following sections in this chapter for more information about discovery
and connection event data structures: