Cisco Firepower Management Center 4000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4      Understanding Discovery & Connection Data Structures
Understanding Discovery (Series 1) Blocks
Most discovery and connection events incorporate one or more data blocks from the series 1 group of 
data structures. Each series 1 data block type conveys a particular type of information. The block type 
number appears in the data block header, which precedes the data in the block. For information on block 
header format, see 
Series 1 Data Block Header
The series 1 data block header, like the series 2 block header, has two 32-bit integer fields that contain 
the block’s type number and the block length. 
Note: The data block length field contains the number of bytes in the entire data block, including the eight 
bytes of the two data block header fields.
For some series 1 block types, the block header is followed immediately by raw data. In more complex 
block types, the header may be followed by standard fixed-length fields or by the header of a series 1 
primitive block that encapsulates another series 1 data block or list of blocks.
Bytes 0-3, bits 0-31 (each row below spans the full 32-bit width):
  Discovery Event Header
  User Login Information Data Block
Bytes 0-3, bits 0-31 (each row below spans the full 32-bit width):
  Data Block Type
  Data Block Length
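
The following is an added example, not code from the Cisco guide: a bounds-checked reader for the series 1 data block header described above, which rejects length fields that are smaller than the eight header bytes or that run past the received buffer. It assumes the two 32-bit fields are unsigned and in network byte order; the names `parse_block`, `parse_blocks`, `build_block` and `BlockError` and the block type numbers in the sample are hypothetical.

```python
import struct

# Two 32-bit fields: block type, block length (assumed unsigned, network byte order).
HEADER = struct.Struct(">II")


class BlockError(ValueError):
    """Raised when a block header is inconsistent with the buffer."""


def parse_block(buf, offset=0):
    """Return (block_type, payload, next_offset) for the block at offset."""
    if len(buf) - offset < HEADER.size:
        raise BlockError(f"truncated header at offset {offset}")
    block_type, length = HEADER.unpack_from(buf, offset)
    # The length field counts the whole block, including the 8 header bytes,
    # so anything below 8 is malformed and would stall or rewind a parser.
    if length < HEADER.size:
        raise BlockError(f"length {length} is smaller than the header itself")
    if length > len(buf) - offset:
        raise BlockError(f"length {length} runs past the end of the buffer")
    payload = bytes(buf[offset + HEADER.size:offset + length])
    return block_type, payload, offset + length


def parse_blocks(buf):
    """Walk a buffer of back-to-back blocks; any leftover bytes raise BlockError."""
    blocks, offset = [], 0
    while offset < len(buf):
        block_type, payload, offset = parse_block(buf, offset)
        blocks.append((block_type, payload))
    return blocks


def build_block(block_type, payload):
    """Constructed helper: serialise one block with a correct length field."""
    return HEADER.pack(block_type, HEADER.size + len(payload)) + payload


# Constructed sample: type numbers 1 and 2 are placeholders, not real block types.
SAMPLE = build_block(1, b"raw") + build_block(2, b"")

if __name__ == "__main__":
    for block_type, payload in parse_blocks(SAMPLE):
        print(block_type, len(payload), payload)
```

When a payload is known to encapsulate further series 1 blocks, the same `parse_blocks` call can be applied to that payload, so the inner lengths are checked against the outer block's bounds rather than the whole message.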