Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
Chapter 2
Understanding the eStreamer Application Protocol
The FireSIGHT System Event Streamer (eStreamer) uses a message-oriented protocol to stream events 
and host profile information to your client application. Your client can request event and host profile data 
from a Defense Center, and intrusion event data only from a managed device. Your client application 
initiates the data stream by submitting request messages, which specify the data to be sent, and then 
controls the message flow from the Defense Center or managed device after streaming begins.
Throughout this document, the eStreamer service on the Defense Center or a managed device may be 
referred to as the eStreamer server or eStreamer.
The following sections describe requirements for connecting to the eStreamer service and introduce 
commands and data formats used in the eStreamer protocol:
  • describes the communication flow between the eStreamer service and your client and describes how the client interacts with it.
  • describes the communication protocol for client applications to submit data requests to the eStreamer server and for eStreamer to deliver the requested information to the client.
  • describes the message types used in the eStreamer protocol; discusses the basic structure of data packets used by eStreamer to return intrusion event data, discovery event data, metadata, and host data to a client; and provides other information to help you write a client that can interpret eStreamer messages.
Connection Specifications
The eStreamer service:
  • Communicates using TCP over an SSL connection (the client application must support SSL-based authentication).
  • Accepts connection requests on port 8302.
  • Waits for the client to initiate all communication sessions.
  • Writes all message fields in network byte order (big endian).
  • Encodes text in UTF-8.
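The byte-order and UTF-8 rules above, applied to reads from a TLS-wrapped TCP stream, as an added example that is not from the Cisco guide. The length-prefixed text field, the 64 KiB cap and the certificate file parameters are assumptions for illustration; this is not an eStreamer message layout.

```python
import socket
import ssl
import struct

ESTREAMER_PORT = 8302  # port stated in the connection specifications

def make_tls_context(ca_file, cert_file, key_file):
    """TLS client context that verifies the server and presents a client
    certificate. The three file paths are assumptions supplied by the caller."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def recv_exact(sock, n):
    """Read exactly n bytes; TCP and TLS reads may return fewer than requested."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)

MAX_TEXT = 64 * 1024  # assumed sanity cap so a corrupt length cannot exhaust memory

def read_text_field(sock):
    """Read a hypothetical field: uint32 byte length (big endian) + UTF-8 text."""
    (length,) = struct.unpack("!I", recv_exact(sock, 4))
    if length > MAX_TEXT:
        raise ValueError(f"declared length {length} exceeds cap")
    return recv_exact(sock, length).decode("utf-8")  # strict: bad bytes raise

def demo():
    """Constructed data sent over a local socket pair, split mid-character."""
    text = "Défense Center"
    payload = text.encode("utf-8")
    frame = struct.pack("!I", len(payload)) + payload
    a, b = socket.socketpair()
    try:
        a.sendall(frame[:6])   # cuts the 2-byte 'é' in half
        a.sendall(frame[6:])
        return read_text_field(b), len(payload), len(text)
    finally:
        a.close()
        b.close()

if __name__ == "__main__":
    print(demo())
```

The length prefix counts bytes, not characters, so the decoded string is one character shorter than the declared length here.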