Cisco Firepower Management Center 4000 Developer's Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
CHAPTER 2
UNDERSTANDING THE ESTREAMER APPLICATION PROTOCOL
The Sourcefire Event Streamer (eStreamer) uses a message-oriented protocol to 
stream events and host profile information to your client application. Your client 
can request event and host profile data from a Defense Center, but only intrusion 
event data from a managed device. Your client application initiates the data 
stream by submitting request messages, which specify the data to be sent, and 
then controls the message flow from the Defense Center or managed device 
once streaming begins.
Throughout this document, the eStreamer service on the Defense Center or a 
managed device may be referred to as the eStreamer server or eStreamer.
The following sections describe requirements for connecting to the eStreamer 
service and introduce commands and data formats used in the eStreamer 
protocol:
 on page 17 describes the communication flow 
between the eStreamer service and your client and describes how the 
client interacts with it.
 on page 17 describes the 
communication protocol for client applications to submit data requests to 
the eStreamer server and for eStreamer to deliver the requested 
information to the client.
 on page 22 describes the 
message types used in the eStreamer protocol, discusses the basic 
structure of data packets used by eStreamer to return intrusion event data, 
discovery event data, metadata, and host data to a client, and provides 
other information to help you write a client that can interpret eStreamer 
messages.