Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
523
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Full Server Data Block for 4.9.0.x
The Full Server data block conveys information about a server, including the
server port, the frequency of use and most recent update, server ID, vendor,
product, and version, confidence of data accuracy, Sourcefire and third-party
vulnerabilities related to that server for the host for the event, and source type
and source identification. A Full Server data block for each TCP and UDP server on
the host in the event is included in a list in the Full Host Profile data block.
Changes for the 4.9.0.x data block include new source type and source ID fields
and a 32-bit server ID field. The Full Server data block has a block type of 90.
IMPORTANT!
An asterisk(*) next to a data block name in the following diagram
indicates that multiple instances of the data block may occur.
Sub-Server
Block Length
uint32
Total number of bytes in each Sub-Server data
block, including the eight bytes in the Sub-
Server block type and length fields, plus the
number of bytes of data that follows.
Sub-Server
Data
variable
Sub-server data as documented in
Confidence
uint32
System confidence percentage.
Generic List
Block Type
uint32
Initiates a Generic List data block. This value is
always 31.
Generic List
Block Length
uint32
Number of bytes in the Generic List block and
encapsulated Web Application data blocks. This
number includes the eight bytes of the generic
list block header fields, plus the number of
bytes in all of the encapsulated Web
Application data blocks.
Web
Application
Data Blocks
variable
Encapsulated Web Application data blocks up
to the maximum number of bytes in the list
block length.
Host Server Data Fields 4.9.1.x (Continued)
F
IELD
D
ATA
T
YPE
D
ESCRIPTION