Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador
4-123
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Full Host Server Data Block 4.10.0+
The Full Host Server data block conveys information about a server, including the server port, the
frequency of use and most recent update, confidence of data accuracy, and Cisco and third-party
vulnerabilities related to that server for the host. The Full Host Server data block contains a Full
Sub-Server Information data block for each sub-server on the server. Each Full Host Profile data block
contains a Full Host Server data block for each TCP and UDP server on the host. The Full Host Server
data block has a block type of 104 in the series 1 group of blocks.
frequency of use and most recent update, confidence of data accuracy, and Cisco and third-party
vulnerabilities related to that server for the host. The Full Host Server data block contains a Full
Sub-Server Information data block for each sub-server on the server. Each Full Host Profile data block
contains a Full Host Server data block for each TCP and UDP server on the host. The Full Host Server
data block has a block type of 104 in the series 1 group of blocks.
Note
An asterisk(*) next to a series 1 data block name in the following diagram indicates that multiple
instances of the data block may occur.
instances of the data block may occur.
The following diagram shows the format of the Full Server data block:
::
Generic List
Block Type
Block Type
uint32
Initiates a Generic List data block. This value is always
31
.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic List block and encapsulated
sub-server information data blocks. This number includes the eight
bytes of the generic list block header fields, plus the number of bytes
in all of the encapsulated data blocks.
sub-server information data blocks. This number includes the eight
bytes of the generic list block header fields, plus the number of bytes
in all of the encapsulated data blocks.
Server
Information Data
Blocks*
Information Data
Blocks*
variable
Server information data blocks up to the maximum number of bytes
in the list block length. For details, see
in the list block length. For details, see
.
Confidence
uint32
Confidence percentage.
Generic List
Block Type
Block Type
uint32
Initiates a Generic data block. This value is always
31
.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic block and encapsulated web
application data blocks. This number includes the eight bytes of the
generic list block header fields, plus the number of bytes in all of the
encapsulated web application data blocks.
application data blocks. This number includes the eight bytes of the
generic list block header fields, plus the number of bytes in all of the
encapsulated web application data blocks.
Web Application
Data Blocks*
Data Blocks*
variable
Encapsulated web application data blocks up to the maximum
number of bytes in the list block length. For details, see
number of bytes in the list block length. For details, see
.
Table 4-70
Host Server Data Block Fields (continued)
Field
Data Type
Description
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Full Server Block Type (104)
Full Server Block Length
Port
Hits