Cisco Cisco Firepower Management Center 4000 Developer's Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
The following table explains the message fields.
Table 2-14 Host Request Message Fields

Field | Data Type | Description

Data Type | uint32 | Requests data for a single host or multiple hosts, using the following codes:
• 0 — version 3.5 - 4.6 for a single host.
• 1 — version 3.5 - 4.6 for multiple hosts (uses block 34).
• 2 — version 4.7 - 4.8 for a single host (uses block 47).
• 3 — version 4.7 - 4.8 for multiple hosts (uses block 47).
• 4 — version 4.9 - 4.10 for a single host (uses block 92).
• 5 — version 4.9 - 4.10 for multiple hosts (uses block 92).
• 6 — version 5.0+ data for a single host (uses block 111, see
• 7 — version 5.0+ data for multiple hosts (uses block 111, see

Flags | 32-bit field |
• 0x00000001 — Causes the Notes field of the host profile to be populated (with user-defined information about the host stored in the FireSIGHT System).
• 0x00000002 — Causes the Banner field of the service block to be populated (with the first 256 bytes of the first packet detected for the service). Banners are disabled by default and available only if configured.

Start IP Address | uint8[4] | IP address of the host whose data should be returned (if request is for a single host), or the starting address in an IP address range (if request is for multiple hosts). Specify the address in IP address octets.

End IP Address | uint8[4] | Ending address in an IP address range (if request is for multiple hosts), or the Start IP Address value (if request is for single host).

Host Data and Multiple Host Data Message Format

eStreamer responds to host requests by sending host data messages, each with a full host profile data block. eStreamer sends one host data message for each host specified in the request. eStreamer uses the type 6 message to respond to requests for a single host profile, and uses the type 7 message to respond to requests for multiple hosts. The formats of the type 6 and type 7 messages are identical; only the message type is different.
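
The host request fields in Table 2-14, packed and parsed as an added example (not code from the Cisco guide), with the single-host and multiple-host address rules enforced. Assumptions not stated on this page: the four fields are packed in table order in network byte order with no padding, undefined flag bits are rejected, and a range's end address may not be below its start; the function and constant names are hypothetical.

```python
import ipaddress
import struct

# Table 2-14 values. Assumptions (not stated on the page): the four fields
# are packed in table order, in network byte order, with no padding.
BODY = struct.Struct("!II4s4s")
FLAG_NOTES = 0x00000001    # populate the Notes field of the host profile
FLAG_BANNER = 0x00000002   # populate the Banner field of the service block
KNOWN_FLAGS = FLAG_NOTES | FLAG_BANNER
DATA_TYPES = range(0, 8)   # even codes: single host, odd codes: multiple hosts


def build_host_request_body(data_type, start_ip, end_ip=None, flags=0):
    """Pack Data Type, Flags, Start IP Address and End IP Address."""
    if data_type not in DATA_TYPES:
        raise ValueError(f"unknown data type code {data_type}")
    if flags & ~KNOWN_FLAGS:
        raise ValueError(f"undefined flag bits set: {flags:#010x}")
    start = ipaddress.IPv4Address(start_ip)
    if data_type % 2 == 1:
        if end_ip is None:
            raise ValueError("multiple-host request needs an end address")
        end = ipaddress.IPv4Address(end_ip)
        if end < start:  # assumption: an inverted range is a caller error
            raise ValueError("end address is below start address")
    else:
        # Single host: End IP Address carries the Start IP Address value.
        if end_ip is not None and ipaddress.IPv4Address(end_ip) != start:
            raise ValueError("single-host request must repeat the start address")
        end = start
    return BODY.pack(data_type, flags, start.packed, end.packed)


def parse_host_request_body(body):
    """Unpack a 16-byte body into a dict; reject truncated or oversized input."""
    if len(body) != BODY.size:
        raise ValueError(f"expected {BODY.size} bytes, got {len(body)}")
    data_type, flags, start, end = BODY.unpack(body)
    return {
        "data_type": data_type,
        "multiple_hosts": data_type % 2 == 1,
        "notes": bool(flags & FLAG_NOTES),
        "banner": bool(flags & FLAG_BANNER),
        "start_ip": str(ipaddress.IPv4Address(start)),
        "end_ip": str(ipaddress.IPv4Address(end)),
    }
```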