Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Full Server Data Block for 4.9.1.x
The Full Server data block conveys information about a server: the server
port; the frequency of use and most recent update; the server ID, vendor,
product, and version; the confidence of data accuracy; the Sourcefire and
third-party vulnerabilities related to that server for the host for the event;
and the source type and source identification. The Full Host Profile data block
includes a list containing a Full Server data block for each TCP and UDP server
on the host in the event. The 4.9.1+ data block includes a new list of Web
Application data blocks. The Full Server data block has a block type of 99.
IMPORTANT! An asterisk (*) next to a data block name in the following diagram
indicates that multiple instances of the data block may occur.
The following diagram shows the format of the Full Server data block:
Each row spans bytes 0 to 3 (bits 0 to 31). "|" separates bytes 0-1 from bytes 2-3.

  Full Server Block Type (99)
  Full Server Block Length
  Port | Hits

  Servers - VDB
    Hits, continued | Generic List Block Type (31)
    Generic List Block Type, continued | Generic List Block Length
    Generic List Block Length, continued | Server Information Data Blocks*

  Servers - User
    Generic List Block Type (31)
    Generic List Block Length
    Server Information Data Blocks*

  Servers - Scanner
    Generic List Block Type (31)
    Generic List Block Length
    Server Information Data Blocks*

  Servers - Application
    Generic List Block Type (31)
    Generic List Block Length
    Server Information Data Blocks*

  Server Confidence
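
The following is an added example, not code from the eStreamer guide: a bounds-checked parser for the leading fields shown in the diagram above (block header, Port, Hits, and the four Generic List blocks), stopping where Server Confidence begins. It assumes network (big-endian) byte order, 32-bit type and length fields, a 16-bit Port, a 32-bit Hits counter, and that each length field counts its own 8-byte header; the function names and sample bytes are constructed for illustration.

```python
import struct

FULL_SERVER_BLOCK_TYPE = 99    # block type stated in the guide
GENERIC_LIST_BLOCK_TYPE = 31   # list block type shown in the diagram
LIST_NAMES = ("vdb", "user", "scanner", "application")  # diagram order


def parse_full_server_prefix(buf: bytes) -> dict:
    """Parse type, length, port, hits and the four list blocks, rejecting bad lengths."""
    if len(buf) < 14:
        raise ValueError("truncated: need 14 bytes for type, length, port, hits")
    btype, blen, port, hits = struct.unpack_from(">IIHI", buf, 0)
    if btype != FULL_SERVER_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {btype}")
    # Assumption: the block length counts the 8-byte type/length header.
    if blen < 14 or blen > len(buf):
        raise ValueError(f"declared block length {blen} does not fit buffer of {len(buf)}")
    out = {"port": port, "hits": hits, "lists": {}}
    off = 14
    for name in LIST_NAMES:
        if off + 8 > blen:
            raise ValueError(f"truncated before {name} list header")
        ltype, llen = struct.unpack_from(">II", buf, off)
        if ltype != GENERIC_LIST_BLOCK_TYPE:
            raise ValueError(f"{name}: expected list type 31, got {ltype}")
        # Assumption: the list length counts its own 8-byte header.
        if llen < 8 or off + llen > blen:
            raise ValueError(f"{name}: list length {llen} overruns enclosing block")
        out["lists"][name] = buf[off + 8:off + llen]  # raw Server Information blocks
        off += llen
    out["next_offset"] = off  # Server Confidence and later fields start here
    return out


def build_sample() -> bytes:
    """Constructed sample: port 443, 7 hits, 4 payload bytes in the VDB list only."""
    def lst(payload=b""):
        return struct.pack(">II", GENERIC_LIST_BLOCK_TYPE, 8 + len(payload)) + payload
    body = struct.pack(">HI", 443, 7) + lst(b"\x00" * 4) + lst() + lst() + lst()
    return struct.pack(">II", FULL_SERVER_BLOCK_TYPE, 8 + len(body)) + body
```

Checking every nested length against the enclosing block before slicing keeps a malformed or hostile record from steering the parser outside the block it claims to describe.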