Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
User Criticality Data Block Fields (Continued)

| FIELD | NUMBER OF BYTES | DESCRIPTION |
| --- | --- | --- |
| Source Type | uint32 | Number that maps to the type of data source: 0 if the user criticality value was provided by RNA; 1 if the user criticality value was provided by a user; 2 if the user criticality value was provided by a third-party scanner; 3 if the user criticality value was provided by a command line tool such as nmimport.pl or the Host Input API client |
| Criticality Value | uint32 | User criticality value. |

User Attribute Value Data Block 4.7+
The User Attribute Value data block contains a list of IP address ranges that
indicate the hosts where the attribute value has changed, together with the
identification number for the user who added the attribute value, information
about the source that supplied the attribute value, and the BLOB data block
containing the attribute value. The User Attribute Value data block has a block
type of 82 in the series 1 group of blocks. Changes from the previous User
Attribute Value data block include a new source type field and the use of the
Generic list data block instead of the List data block to store IP addresses.
The following diagram shows the structure of a User Attribute Value data block:
Byte  0 1 2 3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

User Attribute Value Data Block Type (82)
User Attribute Value Block Length
IP Address Range Blocks:
    Generic List Block Type (31)
    Generic List Block Length
    IP Address Range Specification Data Blocks...
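
As an added example (not code from the Integration Guide), the following is a bounds-checked reader for the two nested headers shown in the diagram, rejecting any block whose length field overruns its enclosing block. It assumes network byte order and that each length field counts its own 8 header bytes, neither of which is stated on this page; the function names and the sample bytes are illustrative.

```python
import struct

UAV_BLOCK_TYPE = 82        # User Attribute Value data block type (from the page)
GENERIC_LIST_TYPE = 31     # Generic List block type (from the page)
# Assumption: each header is uint32 type + uint32 length in network byte order.
HDR = struct.Struct("!II")


class BlockError(ValueError):
    """Raised when a header is truncated, mistyped, or overruns its parent."""


def read_header(buf, offset, expected_type, limit):
    """Validate the header at offset and return the offset where that block ends."""
    if offset + HDR.size > limit:
        raise BlockError(f"truncated header at offset {offset}")
    btype, blen = HDR.unpack_from(buf, offset)
    if btype != expected_type:
        raise BlockError(f"block type {btype} at offset {offset}, expected {expected_type}")
    # Assumption: the length field counts the 8 header bytes as well as the data.
    if blen < HDR.size or offset + blen > limit:
        raise BlockError(f"invalid block length {blen} at offset {offset}")
    return offset + blen


def parse_user_attribute_value(buf):
    """Split a type-82 block into its IP range list payload and the trailing fields."""
    outer_end = read_header(buf, 0, UAV_BLOCK_TYPE, len(buf))
    list_start = HDR.size
    # The nested list may never extend past the end of the enclosing block.
    list_end = read_header(buf, list_start, GENERIC_LIST_TYPE, outer_end)
    return {
        "ip_range_blocks": bytes(buf[list_start + HDR.size:list_end]),
        # Fields after the list are not shown on this page; kept as raw bytes.
        "remaining_fields": bytes(buf[list_end:outer_end]),
    }


# Constructed sample: 4 opaque list bytes, then 12 opaque trailing bytes.
LIST_PART = HDR.pack(GENERIC_LIST_TYPE, HDR.size + 4) + b"\xaa" * 4
SAMPLE = HDR.pack(UAV_BLOCK_TYPE, HDR.size + len(LIST_PART) + 12) + LIST_PART + b"\x00" * 12

if __name__ == "__main__":
    print(parse_user_attribute_value(SAMPLE))
```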