Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Data Block Header
Series 1 blocks and series 2 blocks have similar structures but distinct numbering. These blocks can
appear anywhere in the data portion of a discovery, correlation, connection, or event extra data message.
These blocks encapsulate other blocks at multiple levels of nesting.
The data blocks in both the first and second series begin with the header structure shown in the graphic
below. The following table provides information about the header fields. The header is followed
immediately by the data structure associated with the data block type.
Host Request Message Format
To receive host profiles, you submit Host Request messages. You can request data for a single host or
multiple hosts defined by an IP address range.
Note that it is mandatory for all data requests, including requests for host profile information, to first
initialize the session by submitting an Event Stream Request message. To set up for streaming host data
only, you can use any of the following request flag settings in your initial Event Stream Request
message:
• set the bit for the appropriate version of metadata (this can be beneficial when streaming host data)
• set no request flags
• set bit 11 (to suppress any default event streaming if using legacy versions of eStreamer)
After the initial message, you then use a Host Request message (type 5) to specify the hosts.
Note: For legacy eStreamer versions with default event streaming, if you want to stream only host profile data,
you must suppress the default event messages. First send the server an Event Stream Request message
with bit 11 in the Request Flags field set to 1; then, send the Host Request message.
Byte: 0 | 1 | 2 | 3
Bit: 0-7 | 8-15 | 16-23 | 24-31
Data Block Type (bits 0-31)
Data Block Length (bits 0-31)
Table 2-12
Field | Data Type | Description
Data Block Type | uint32 | For series 1 block types, see . For series 2 block types, see
Data Block Length | uint32 | Length of the data block. Includes the number of bytes of data plus the 8 bytes in the two data block header fields.
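A bounds-checked reader for the 8-byte data block header in Table 2-12, added here as an example and not code from the Cisco guide. It assumes network (big-endian) byte order, which this page does not state, and a payload made up only of consecutive nested blocks; the names read_block, walk_blocks and make_block and the sample block type numbers are hypothetical.

```python
import struct

# Data Block Type, Data Block Length: two uint32 fields (big-endian is an assumption).
HEADER = struct.Struct(">II")


class BlockError(ValueError):
    """Raised when a data block header is inconsistent with the buffer."""


def read_block(buf, offset=0):
    """Return (block_type, payload, next_offset) for the block at offset."""
    if len(buf) - offset < HEADER.size:
        raise BlockError("truncated header at offset %d" % offset)
    block_type, length = HEADER.unpack_from(buf, offset)
    # Length covers the payload plus the 8 header bytes, so anything
    # under 8 is malformed and would stall a walker that trusts it.
    if length < HEADER.size:
        raise BlockError("length %d is smaller than the header" % length)
    end = offset + length
    if end > len(buf):
        raise BlockError("length %d overruns the buffer" % length)
    return block_type, bytes(buf[offset + HEADER.size:end]), end


def walk_blocks(buf):
    """Split a buffer of consecutive blocks into (type, payload) pairs."""
    blocks, offset = [], 0
    while offset < len(buf):
        block_type, payload, offset = read_block(buf, offset)
        blocks.append((block_type, payload))
    return blocks


def make_block(block_type, payload):
    """Build a block for the constructed samples below."""
    return HEADER.pack(block_type, HEADER.size + len(payload)) + payload


# Constructed sample: type numbers 1 and 2 are placeholders, not real block types.
INNER = make_block(1, b"abcd")
OUTER = make_block(2, INNER + make_block(1, b""))

if __name__ == "__main__":
    for block_type, payload in walk_blocks(OUTER):
        print(block_type, len(payload), walk_blocks(payload))
```

Checking the declared length against both the 8-byte minimum and the bytes actually received keeps a malformed or hostile stream from driving reads past the buffer or looping on a zero-length block.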