Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 4: Understanding Discovery & Connection Data Structures
This chapter provides details about the data structures used in eStreamer 
messages for discovery and connection events, as well as the metadata for those 
events. Discovery and connection event messages use the same general 
message format and the same series of data blocks; the differences are in the 
contents of the data blocks themselves.
Discovery events fall into two sub-categories:
Host discovery events, which identify new and changed hosts on your 
managed network, including the applications running on those hosts (detected 
from packet contents) and the hosts' vulnerabilities.
User events, which report the detection of new users and of user activity, 
such as logins.
Connection events report information about the session traffic between your 
monitored hosts and all other hosts. Connection information includes the time of 
the first and last packet of the session, the source and destination IP addresses, 
the source and destination ports, and the number of packets and bytes sent and 
received. If applicable, connection events also report the client application and 
URL involved in the session.
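As an added example (not code from the guide or from Cisco/Sourcefire) of how a consumer walks the series of data blocks this chapter describes: a small Python block walker that validates every block length before trusting it, then decodes a constructed connection record carrying the fields listed above. The 8-byte block header (32-bit block type followed by a 32-bit block length that includes the header) follows the eStreamer block convention; the block type numbers, the fixed field order inside the connection block, the nested string blocks and the sample bytes are assumptions constructed for illustration and are not the layouts documented later in this chapter. The length checks matter in practice: a client that trusts a zero or oversized block length from the wire will loop forever or read past the buffer.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Block header: 32-bit type, 32-bit length; the length counts these 8 bytes too.
BLOCK_HEADER = struct.Struct("!II")

# Hypothetical block type numbers chosen for this example (not the guide's values).
BLOCK_CONNECTION = 0x9001
BLOCK_STRING = 0x0000  # nested string block: header followed by UTF-8 bytes

# Assumed fixed part of the connection block: first/last packet time (epoch seconds),
# source IP, destination IP, source port, destination port, packets sent/received,
# bytes sent/received. Two nested string blocks (client application, URL) follow.
CONN_FIXED = struct.Struct("!II4s4sHHIIII")


@dataclass
class ConnectionEvent:
    first_packet: int
    last_packet: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    packets_sent: int
    packets_recv: int
    bytes_sent: int
    bytes_recv: int
    client_app: str
    url: str


def iter_blocks(buf, offset=0, end=None):
    """Yield (type, payload) for each block in buf[offset:end], refusing bad lengths."""
    end = len(buf) if end is None else end
    while offset < end:
        if end - offset < BLOCK_HEADER.size:
            raise ValueError(f"truncated block header at offset {offset}")
        btype, blen = BLOCK_HEADER.unpack_from(buf, offset)
        # A length below the header size would never advance (infinite loop);
        # a length past the buffer would over-read. Reject both.
        if blen < BLOCK_HEADER.size or offset + blen > end:
            raise ValueError(f"bad block length {blen} at offset {offset}")
        yield btype, buf[offset + BLOCK_HEADER.size:offset + blen]
        offset += blen


def encode_block(btype, payload):
    return BLOCK_HEADER.pack(btype, BLOCK_HEADER.size + len(payload)) + payload


def parse_connection(payload):
    if len(payload) < CONN_FIXED.size:
        raise ValueError("connection block too short")
    first, last, sip, dip, sport, dport, ps, pr, bs, br = CONN_FIXED.unpack_from(payload, 0)
    # Nested string blocks sit after the fixed fields; walk them with the same checks.
    strings = [blk.decode("utf-8") for t, blk in iter_blocks(payload, CONN_FIXED.size)
               if t == BLOCK_STRING]
    if len(strings) != 2:
        raise ValueError("expected client application and URL string blocks")
    return ConnectionEvent(first, last, str(ipaddress.IPv4Address(sip)),
                           str(ipaddress.IPv4Address(dip)), sport, dport,
                           ps, pr, bs, br, strings[0], strings[1])


def parse_event(buf):
    """Walk the top-level block series and decode every connection block found."""
    return [parse_connection(p) for t, p in iter_blocks(buf) if t == BLOCK_CONNECTION]


def build_sample_event():
    """Constructed sample record (not captured traffic) in the assumed layout."""
    fixed = CONN_FIXED.pack(1700000000, 1700000042,
                            bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]),
                            51234, 443, 12, 9, 1500, 8800)
    payload = (fixed + encode_block(BLOCK_STRING, b"HTTPS")
               + encode_block(BLOCK_STRING, b"https://example.com/login"))
    return encode_block(BLOCK_CONNECTION, payload)


def rejects_malformed(buf):
    """True if the walker refuses the buffer instead of looping or over-reading."""
    try:
        parse_event(buf)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for ev in parse_event(build_sample_event()):
        print(ev)
    print("truncated rejected:", rejects_malformed(build_sample_event()[:-3]))
    print("zero-length rejected:", rejects_malformed(BLOCK_HEADER.pack(BLOCK_CONNECTION, 0)))
```

The same walker serves discovery events: only the per-type decoder differs, which is exactly the point made above that the message format and block series are shared and the block contents are what change.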
For information about requesting discovery or connection events from the 
eStreamer server, se
For information about the general structure of eStreamer event data messages, 
See the following sections in this chapter for more information about discovery 
and connection event data structures: