Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Attribute Definition Data Block for 4.7+
The Attribute Definition data block contains the attribute definition in an attribute 
creation, change, or deletion event and is used within Host Attribute Add events 
(event type 1002, subtype 6), Host Attribute Update events (event type 1002, 
subtype 7), and Host Attribute Delete events (event type 1002, subtype 8). It has 
a block type of 55 in the series 1 group of blocks.
For more information on those events, see 
The following diagram shows the basic structure of an Attribute Definition data 
block:
Policy Engine Control Message Data Block Fields (Continued)

| Field | Data Type | Description |
| --- | --- | --- |
| String Block Length | uint32 | Number of bytes in the control message String data block, including eight bytes for the block type and length fields, plus the number of bytes in the control message. |
| Control Message | uint32 | The control message from the policy engine. |
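Byte   0 | 1 | 2 | 3
Bit    0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31

       +----------------------------------------+
       | Attribute Definition Block Type (55)   |
       +----------------------------------------+
       | Attribute Definition Block Length      |
       +----------------------------------------+
       | Source ID                              |
       +----------------------------------------+
       | UUID                                   |
       +----------------------------------------+
       | UUID, continued                        |
       +----------------------------------------+
       | UUID, continued                        |
       +----------------------------------------+
       | UUID, continued                        |
       +----------------------------------------+
       | ID                                     |
       +----------------------------------------+
Name   | String Block Type (0)                  |
       +----------------------------------------+
       | String Block Length                    |
       +----------------------------------------+
       | Name...                                |
       +----------------------------------------+
       | Attribute Type                         |
       +----------------------------------------+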
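
The following parser for the fields shown in the diagram above is an added example, not code from the eStreamer guide or from Cisco. It assumes network byte order, that every diagram row is one 32-bit field, that both length fields include their own eight header bytes (as the String Block Length description above states for string blocks), and that the name is UTF-8; the function names and the sample block are constructed for illustration.

```python
import struct
import uuid

ATTR_DEF_BLOCK_TYPE = 55   # block type given on this page (series 1)
STRING_BLOCK_TYPE = 0      # string block type shown in the diagram
HDR = 8                    # block type + block length fields
FIXED = struct.Struct(">III16sI")  # type, length, source ID, UUID, ID (assumed widths)

class BlockError(ValueError):
    """The buffer does not match the documented layout."""

def parse_attribute_definition(buf: bytes) -> dict:
    """Parse the diagram's fields, validating every length taken from the wire."""
    if len(buf) < FIXED.size:
        raise BlockError("truncated fixed fields")
    btype, blen, source_id, raw_uuid, attr_id = FIXED.unpack_from(buf, 0)
    if btype != ATTR_DEF_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {btype}")
    # The declared length must fit the received bytes and leave room for
    # the string block header plus the 4-byte Attribute Type.
    if blen > len(buf) or blen < FIXED.size + HDR + 4:
        raise BlockError("declared block length out of range")
    off = FIXED.size
    stype, slen = struct.unpack_from(">II", buf, off)
    if stype != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {stype}")
    # The inner string block must stay inside the outer block.
    if slen < HDR or off + slen + 4 > blen:
        raise BlockError("string block length out of range")
    name = buf[off + HDR:off + slen].decode("utf-8", "replace")
    (attr_type,) = struct.unpack_from(">I", buf, off + slen)
    return {"source_id": source_id, "uuid": uuid.UUID(bytes=raw_uuid),
            "id": attr_id, "name": name, "attribute_type": attr_type}

def build_sample(name: bytes = b"Criticality", declared_len=None) -> bytes:
    """Constructed sample block (not captured traffic); values are arbitrary."""
    slen = HDR + len(name) if declared_len is None else declared_len
    body = struct.pack(">I16sI", 1, uuid.UUID(int=0x1234).bytes, 7)
    body += struct.pack(">II", STRING_BLOCK_TYPE, slen) + name
    body += struct.pack(">I", 3)
    return struct.pack(">II", ATTR_DEF_BLOCK_TYPE, HDR + len(body)) + body

if __name__ == "__main__":
    print(parse_attribute_definition(build_sample()))
```

The parser stops at Attribute Type because that is the last field visible in the diagram on this page.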