Cisco Firepower Management Center 2000 Developer Guide
Page of 726
Sourcefire 3D System eStreamer Integration Guide, Version 5.3, page 308
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Connection Statistics Data Block 5.2+ Fields (Continued)

Field                          Data Type   Description
IOC Number                     uint16      ID number of the compromise associated with this event.
Source Autonomous System       uint32      Autonomous system number of the source, either origin or peer.
Destination Autonomous System  uint32      Autonomous system number of the destination, either origin or peer.
SNMP Input                     uint16      SNMP index of the input interface.
SNMP Output                    uint16      SNMP index of the output interface.
Source TOS                     uint8       Type of Service byte setting for the incoming interface.
Destination TOS                uint8       Type of Service byte setting for the outgoing interface.
Source Mask                    uint8       Source address prefix mask.
Destination Mask               uint8       Destination address prefix mask.

Scan Result Data Block 5.2+

The Scan Result data block describes a vulnerability and is used within Add Scan Result events (event type 1002, subtype 11). The Scan Result data block has a block type of 142 in the series 1 group of blocks. It supersedes block type 102. The IP address field was increased to 16 bytes for version 5.2.

The following diagram shows the format of a Scan Result data block:

Byte    0         1         2         3
Bit     0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
        Scan Result Block Type (142)
        Scan Result Block Length
        User ID
        Scan Type
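As an added example (not code from the guide or from Cisco), the following Python decoder reads the four header words of the Scan Result block shown in the diagram and the trailing Connection Statistics fields listed in the table, with the type and length checks a consumer should apply before trusting a block. It assumes eStreamer's network (big-endian) byte order and that Block Length counts the whole block including the type and length words; the sample bytes are constructed, not captured from a sensor.

```python
import struct

# Added example, not code from the guide. Assumes eStreamer network
# (big-endian) byte order and that Block Length counts the whole block,
# including the 4-byte type and 4-byte length words.

SCAN_RESULT_BLOCK_TYPE = 142  # series 1 block type named on this page
HEADER_FMT = ">IIII"          # Block Type, Block Length, User ID, Scan Type
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 16 bytes

# Trailing Connection Statistics 5.2+ fields, in the order and with the
# data types given in the table above (18 bytes in total).
CONN_STATS_TAIL = [
    ("ioc_number", "H"),        # uint16
    ("source_as", "I"),         # uint32
    ("destination_as", "I"),    # uint32
    ("snmp_input", "H"),        # uint16
    ("snmp_output", "H"),       # uint16
    ("source_tos", "B"),        # uint8
    ("destination_tos", "B"),   # uint8
    ("source_mask", "B"),       # uint8
    ("destination_mask", "B"),  # uint8
]
CONN_STATS_TAIL_FMT = ">" + "".join(fmt for _, fmt in CONN_STATS_TAIL)

def parse_scan_result_header(buf: bytes) -> dict:
    """Decode the four header words in the diagram, refusing a block whose
    type is wrong or whose declared length does not fit the buffer."""
    if len(buf) < HEADER_LEN:
        raise ValueError("buffer too short for a Scan Result header")
    block_type, block_len, user_id, scan_type = struct.unpack_from(HEADER_FMT, buf)
    if block_type != SCAN_RESULT_BLOCK_TYPE:
        raise ValueError(f"expected block type {SCAN_RESULT_BLOCK_TYPE}, got {block_type}")
    if block_len < HEADER_LEN or block_len > len(buf):
        raise ValueError(f"block length {block_len} does not fit a {len(buf)}-byte buffer")
    return {"block_type": block_type, "block_length": block_len,
            "user_id": user_id, "scan_type": scan_type}

def parse_conn_stats_tail(buf: bytes) -> dict:
    """Decode the nine trailing Connection Statistics fields from the end of buf."""
    size = struct.calcsize(CONN_STATS_TAIL_FMT)
    if len(buf) < size:
        raise ValueError("buffer too short for the Connection Statistics tail")
    values = struct.unpack(CONN_STATS_TAIL_FMT, buf[-size:])
    return dict(zip((name for name, _ in CONN_STATS_TAIL), values))

# Constructed sample inputs (not captured from a real sensor).
SAMPLE_HEADER = bytes.fromhex("0000008e 00000010 00000007 00000001")
SAMPLE_TAIL = bytes.fromhex("0005 0000fc00 0000fde9 0002 0003 00 10 18 20")
```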