Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

225

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

Series 1 Primitive Data Blocks

Both series 1 and series 2 blocks include a set of primitives that encapsulate lists 

of variable-length blocks as well as variable-length strings and BLOBs within 

messages. These primitive blocks have the standard series 1 block header 

discussed above. These primitives appear only within other series 1 data blocks. 

Any number can be included in a given block type. For details on the structure of 

the primitive blocks, see the following:

Host Discovery and Connection Data Blocks

For the list of block types in host discovery and connection events, see the 

 on page 225. The block types in 

user events are described in the 

 on page 363. These 

are all series 1 data blocks. 
Each entry in the table below contains a link to the subsection where the data 

block is defined. For each block type, the status (current or legacy) is indicated. A 

current data block is the latest version. A legacy data block is one that is used for 

an older version of the product, and the message format can still be requested 

from eStreamer. 

Host Discovery and Connection Data Block Types 

0

String

Current

Contains string data. See 

 on page 237 for more 

information.

1

Sub-Server

Current

Contains information about a sub-

server detected on a server. See 

 on page 241 

for more information.

4

Protocol

Current

Contains protocol data. See 

 on page 243 for more 

information.

7

Integer Data

Current

Contains integer (numeric) data. See 

page 244 for more information.