Cisco Firepower Management Center 4000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Host Request Message Format
The following table explains the message fields.
The graphic below shows the format for the legacy Host Request message. eStreamer will still respond
to this request. The only difference from the current request is the smaller IPv4 address fields. The
shaded fields are specific to the Host Request message format and are defined in the following table. The
preceding three fields are the standard message header.
Table 2-13 Host Request Message Fields

Field: Data Type
Data Type: uint32
Description: Requests data for a single host or multiple hosts, using the following codes:
• 0 — version 3.5 - 4.6 for a single host.
• 1 — version 3.5 - 4.6 for multiple hosts (uses block 34).
• 2 — version 4.7 - 4.8 for a single host (uses block 47).
• 3 — version 4.7 - 4.8 for multiple hosts (uses block 47).
• 4 — version 4.9 - 4.10 for a single host (uses block 92).
• 5 — version 4.9 - 4.10 for multiple hosts (uses block 92).
• 6 — version 5.0+ data for a single host (uses block 111, see ).
• 7 — version 5.0+ data for multiple hosts (uses block 111, see ).

Field: Flags
Data Type: 32-bit field
Description:
• 0x00000001 — Causes the Notes field of the host profile to be populated (with user-defined information about the host stored in the FireSIGHT System).
• 0x00000002 — Causes the Banner field of the service block to be populated (with the first 256 bytes of the first packet detected for the service). Banners are disabled by default and available only if configured.

Field: Start IP Address
Data Type: uint8[16]
Description: IP address of the host whose data should be returned (if request is for a single host), or the starting address in an IP address range (if request is for multiple hosts). Can be either an IPv4 or IPv6 address.

Field: End IP Address
Data Type: uint8[16]
Description: Ending address in an IP address range (if request is for multiple hosts), or the Start IP Address value (if request is for single host). Can be either an IPv4 or IPv6 address.
[Figure: legacy Host Request message layout, drawn 32 bits (bytes 0 to 3) per row. Fields shown, in order: Header Version (1), Message Type (5), Message Length, Data Type.]
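
The current-format request from Table 2-13, packed and validated in Python as an added example (not code from the guide or from Cisco). The function names are hypothetical, and rejecting undefined flag bits is a strictness choice of the example. Assumptions not stated on this page: Header Version and Message Type are 16 bits each, Message Length is 32 bits and counts only the bytes after the header, all fields are big-endian, and an IPv4 address is carried in the 16-byte field in IPv4-mapped form.

```python
import ipaddress
import struct

HEADER = struct.Struct(">HHI")      # assumed widths: version, type, length
BODY = struct.Struct(">II16s16s")   # Data Type, Flags, Start IP, End IP
FLAG_NOTES, FLAG_BANNER = 0x00000001, 0x00000002
SINGLE_HOST = {0, 2, 4, 6}          # even codes in Table 2-13
MULTI_HOST = {1, 3, 5, 7}           # odd codes in Table 2-13


def _pack_ip(text):
    """Return a 16-byte field; IPv4 is stored IPv4-mapped (assumption)."""
    ip = ipaddress.ip_address(text)
    if ip.version == 4:
        ip = ipaddress.IPv6Address(f"::ffff:{ip}")
    return ip.packed


def build_host_request(data_type, flags, start_ip, end_ip=None):
    if data_type not in SINGLE_HOST | MULTI_HOST:
        raise ValueError(f"unknown data type code {data_type}")
    if flags & ~(FLAG_NOTES | FLAG_BANNER):
        raise ValueError(f"undefined flag bits in {flags:#010x}")
    start = _pack_ip(start_ip)
    # Single-host requests repeat the start address in the End IP field.
    end = start if data_type in SINGLE_HOST else _pack_ip(end_ip)
    if end < start:  # big-endian bytes compare like the numeric addresses
        raise ValueError("end of range precedes start")
    body = BODY.pack(data_type, flags, start, end)
    # Assumption: Message Length excludes the header itself.
    return HEADER.pack(1, 5, len(body)) + body


def parse_host_request(msg):
    if len(msg) != HEADER.size + BODY.size:
        raise ValueError("wrong size for a current-format Host Request")
    version, msg_type, length = HEADER.unpack_from(msg)
    if (version, msg_type, length) != (1, 5, BODY.size):
        raise ValueError("header does not describe a Host Request")
    data_type, flags, start, end = BODY.unpack_from(msg, HEADER.size)
    return {
        "data_type": data_type,
        "flags": flags,
        "start": ipaddress.IPv6Address(start),
        "end": ipaddress.IPv6Address(end),
    }
```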