Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Note that the Host Last Seen message includes server information only for servers on the host that have
changed within the Update Interval set in the discovery detection policy. In other words, only servers
that have changed since the system last reported information will be included in the Host Last Seen
message.
Note
The Host Profile data block differs depending on which system version created the message. For
information on legacy versions of the Host Profile data block, see
.
Server Messages
The following TCP and UDP server event messages have a standard discovery event header (as
documented in
) followed by a Server data block (as
documented in
, block type 103 in series 1):
• New TCP Server
• New UDP Server
• TCP Server Information Update
• UDP Server Information Update
• TCP Server Confidence Update
• UDP Server Confidence Update
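The layout described above (a discovery event header, then a Server data block of type 103) can be checked structurally before any field is decoded. The following Python sketch is an added example, not code from the guide: it assumes each data block starts with a 32-bit block type and a 32-bit block length in network byte order, with the length counting those eight bytes, and it takes the discovery header length from the caller because this page does not state it. The names `read_block`, `server_block_payload` and `BlockError` are hypothetical.

```python
import struct

SERVER_BLOCK_TYPE = 103               # series 1 Server data block (from the text above)
BLOCK_HEADER = struct.Struct(">II")   # assumed: uint32 type, uint32 length, network order


class BlockError(ValueError):
    """Raised when a data block fails a structural check."""


def read_block(buf, offset, expected_type):
    """Return (payload, end_offset) of the data block that starts at offset."""
    if offset < 0 or len(buf) - offset < BLOCK_HEADER.size:
        raise BlockError("truncated block header")
    block_type, block_len = BLOCK_HEADER.unpack_from(buf, offset)
    if block_type != expected_type:
        raise BlockError(f"block type {block_type}, expected {expected_type}")
    # Assumed: the length field counts its own 8 header bytes.
    if block_len < BLOCK_HEADER.size:
        raise BlockError("declared length is smaller than the block header")
    end = offset + block_len
    if end > len(buf):
        raise BlockError("declared length runs past the end of the message")
    return bytes(buf[offset + BLOCK_HEADER.size:end]), end


def server_block_payload(message, header_len):
    """Payload of the Server data block that follows the discovery event header.

    header_len is caller-supplied; this page does not state the header size.
    """
    payload, end = read_block(message, header_len, SERVER_BLOCK_TYPE)
    # The message is described as header + Server block, so leftovers are rejected.
    if end != len(message):
        raise BlockError("unexpected bytes after the Server data block")
    return payload


if __name__ == "__main__":
    # Constructed sample: 16 zero bytes stand in for the header, 2 payload bytes.
    header = bytes(16)
    good = header + BLOCK_HEADER.pack(SERVER_BLOCK_TYPE, 10) + b"\x00\x50"
    lying = header + BLOCK_HEADER.pack(SERVER_BLOCK_TYPE, 4096) + b"\x00\x50"
    print(server_block_payload(good, len(header)).hex())
    try:
        server_block_payload(lying, len(header))
    except BlockError as exc:
        print("rejected:", exc)
```

Rejecting a block whose declared length disagrees with the bytes actually received keeps a client from reading past the message or silently accepting a block from a different system version.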
Note
The Server data block differs depending on which system version created the message. For information
on the legacy versions of the Server data block, see
| Byte | 0 | 1 | 2 | 3 |
| Bit | 0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31 |
| Discovery Event Header |
| Host Profile Data Block |