Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Connection Statistics Data Block 5.2+ Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| IOC Number | uint16 | ID Number of the compromise associated with this event. |
| Source Autonomous System | uint32 | Autonomous system number of the source, either origin or peer. |
| Destination Autonomous System | uint32 | Autonomous system number of the destination, either origin or peer. |
| SNMP Input | uint16 | SNMP index of the input interface. |
| SNMP Output | uint16 | SNMP index of the output interface. |
| Source TOS | uint8 | Type of Service byte setting for the incoming interface. |
| Destination TOS | uint8 | Type of Service byte setting for the outgoing interface. |
| Source Mask | uint8 | Source address prefix mask. |
| Destination Mask | uint8 | Destination address prefix mask. |

Scan Result Data Block 5.2+
The Scan Result data block describes a vulnerability and is used within Add Scan
Result events (event type 1002, subtype 11). The Scan Result data block has a
block type of 142 in the series 1 group of blocks. It supersedes block type 102.
The IP address field was increased to 16 bytes for version 5.2.
The following diagram shows the format of a Scan Result data block:

Byte | 0               | 1                     | 2                       | 3
Bit  | 0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31
     | Scan Result Block Type (142)
     | Scan Result Block Length
     | User ID
     | Scan Type
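The following parser is an added example, not code from the guide or from Cisco. It reads the four leading fields shown in the diagram and bounds-checks the declared block length before slicing, so a truncated or oversized block is rejected instead of being read past its end. It assumes each field is a 32-bit unsigned integer in network byte order and that the block length counts the whole block, including the type and length fields; the function names and the sample payload are hypothetical.

```python
import struct

SCAN_RESULT_BLOCK_TYPE = 142   # series 1 block type, from the text above
LEGACY_SCAN_RESULT_TYPE = 102  # superseded type with the shorter IP address field
_HEADER = struct.Struct(">IIII")  # assumed: four uint32 fields, network byte order


class BlockError(ValueError):
    """Raised when a buffer is not a well-formed Scan Result block."""


def parse_scan_result_header(buf: bytes) -> dict:
    """Parse the four fields shown in the diagram and validate the length."""
    if len(buf) < _HEADER.size:
        raise BlockError(f"truncated: need {_HEADER.size} bytes, got {len(buf)}")
    block_type, block_len, user_id, scan_type = _HEADER.unpack_from(buf)
    if block_type == LEGACY_SCAN_RESULT_TYPE:
        raise BlockError("block type 102 is the superseded layout; not parsed here")
    if block_type != SCAN_RESULT_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # Assumed: the length covers the whole block, including type and length.
    if block_len < _HEADER.size:
        raise BlockError(f"declared length {block_len} is smaller than the fixed fields")
    if block_len > len(buf):
        raise BlockError(f"declared length {block_len} exceeds buffer of {len(buf)}")
    return {
        "user_id": user_id,
        "scan_type": scan_type,
        # Fields after Scan Type are not shown on this page; kept as opaque bytes.
        "rest": buf[_HEADER.size:block_len],
        "trailing": buf[block_len:],
    }


def build_sample(block_type=142, user_id=7, scan_type=1, rest=b"\x00" * 16, declared=None):
    """Build a constructed sample block (test data, not captured traffic)."""
    length = _HEADER.size + len(rest) if declared is None else declared
    return _HEADER.pack(block_type, length, user_id, scan_type) + rest


if __name__ == "__main__":
    print(parse_scan_result_header(build_sample()))
    for bad in (build_sample(block_type=102), build_sample(declared=4096), b"\x00\x00"):
        try:
            parse_scan_result_header(bad)
        except BlockError as exc:
            print("rejected:", exc)
```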