Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the User Hosts data block.
User Vulnerability Change Data Block 4.7+
The User Vulnerability Change data block contains a list of deactivated vulnerabilities for the host, the
identification number for the user who deactivated the vulnerabilities, information about the source that
supplied the vulnerability changes, and the criticality value. The User Vulnerability Change data block
has a block type of 80 in the series 1 group of blocks. Changes from the previous User Vulnerability
Change data block include a new source type field and the use of the Generic list data block instead of
the List data block to store vulnerability deactivations. This data block is used in user vulnerability
change messages as documented in
Table 4-58 User Hosts Data Block Fields

| Field | Number of Bytes | Description |
|---|---|---|
| User Hosts Block Type | uint32 | Initiates a User Hosts data block. This value is always 78. |
| User Hosts Block Length | uint32 | Total number of bytes in the User Hosts data block, including eight bytes for the user hosts block type and length fields, plus the number of bytes of user hosts data that follows. |
| Generic List Block Type | uint32 | Initiates a Generic List data block comprising IP Range Specification data blocks conveying IP address range data. This value is always 31. |
| Generic List Block Length | uint32 | Number of bytes in the Generic List data block, including the list header and all encapsulated IP Range Specification data blocks. |
| IP Range Specification Data Blocks * | variable | IP Range Specification data blocks containing information about the IP address ranges for the user input. See for a description of this data block. |
| Generic List Block Type | uint32 | Initiates a Generic List data block comprising MAC Range Specification data blocks conveying MAC address range data. This value is always 31. |
| Generic List Block Length | uint32 | Number of bytes in the Generic List data block, including the list header and all encapsulated MAC Range Specification data blocks. |
| MAC Range Specification Data Blocks * | variable | MAC Range Specification data blocks containing information about the MAC address ranges for the user input. See for a description of this data block. |
| Source ID | uint32 | Identification number that maps to the source that added or updated the host data. Depending on the source type, this may map to RNA, a user, a scanner, or a third-party application. |
| Source Type | uint32 | Number that maps to the type of data source: 0 if the host data was detected by RNA; 1 if the host data was provided by a user; 2 if the host data was detected by a third-party scanner; 3 if the host data was provided by a command line tool such as nmimport.pl or the Host Input API client |
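A bounds-checked reader for the User Hosts data block laid out in Table 4-58, added here as an illustration and not taken from the Cisco guide or any Cisco client code. It assumes network byte order and ignores any bytes after Source Type; `parse_user_hosts`, `build_sample` and `BlockError` are names made up for this example, and the IP and MAC range blocks are returned as raw bytes because their layout is not given on this page.

```python
import struct

USER_HOSTS_TYPE = 78      # Table 4-58: User Hosts Block Type
GENERIC_LIST_TYPE = 31    # Table 4-58: Generic List Block Type
SOURCE_TYPES = {0: "RNA", 1: "user", 2: "third-party scanner",
                3: "command line tool / Host Input API client"}
HDR = struct.Struct(">II")  # block type, block length (big-endian is an assumption)


class BlockError(ValueError):
    """A type or length field disagrees with the bytes actually received."""


def _header(buf, off, want_type, limit):
    """Read a type/length header at off; reject lengths that leave [off, limit)."""
    if limit - off < HDR.size:
        raise BlockError(f"truncated header at offset {off}")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != want_type:
        raise BlockError(f"block type {btype} at offset {off}, expected {want_type}")
    if blen < HDR.size or off + blen > limit:
        raise BlockError(f"block length {blen} at offset {off} is out of bounds")
    return off + HDR.size, off + blen  # payload start, block end


def parse_user_hosts(buf):
    """Parse one User Hosts block; range blocks stay opaque (layout not on this page)."""
    pos, end = _header(buf, 0, USER_HOSTS_TYPE, len(buf))
    lists = []
    for _ in ("ip", "mac"):  # two Generic Lists, in table order
        start, pos = _header(buf, pos, GENERIC_LIST_TYPE, end)  # inner list must fit outer block
        lists.append(bytes(buf[start:pos]))
    if end - pos < 8:
        raise BlockError("no room left for Source ID and Source Type")
    source_id, source_type = struct.unpack_from(">II", buf, pos)
    if source_type not in SOURCE_TYPES:
        raise BlockError(f"unknown source type {source_type}")
    return {"ip_ranges": lists[0], "mac_ranges": lists[1],
            "source_id": source_id, "source_type": SOURCE_TYPES[source_type]}


def build_sample(ip_payload=b"", mac_payload=b"", source_id=7, source_type=1):
    """Constructed sample block (not captured traffic) for exercising the parser."""
    body = b"".join(HDR.pack(GENERIC_LIST_TYPE, HDR.size + len(p)) + p
                    for p in (ip_payload, mac_payload))
    body += struct.pack(">II", source_id, source_type)
    return HDR.pack(USER_HOSTS_TYPE, HDR.size + len(body)) + body
```

Each nested length is checked against the enclosing block's end rather than the whole buffer, so a Generic List that claims more bytes than the User Hosts block holds is rejected before any slicing happens.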