Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
String Data Block
The eStreamer service uses the String data block to send string data in messages. These blocks
commonly appear within other data blocks to identify, for example, operating system or server names.
Empty String data blocks (containing no data, only the header fields) have a block length of 8. eStreamer
uses an empty String data block when it has no content for a string value, as might happen, for example,
in the OS vendor string field in an Operating System data block when the vendor of the operating system
is unknown.
The String data block has a block type of 0 in the series 2 group of blocks.
Note
Strings returned in this data block are not always null-terminated (that is, the string characters are not
always followed by a 0).
The following diagram shows the format of the String data block:

Byte  | 0        | 1        | 2        | 3        |
Bit   | 0-7      | 8-15     | 16-23    | 24-31    |
      +-------------------------------------------+
      | Data Block Type (0)                       |
      +-------------------------------------------+
      | Data Block Length                         |
      +-------------------------------------------+
      | String Data...                            |
      +-------------------------------------------+

The following table describes the fields of the String data block.

Table 3-27 String Block Fields

| Field | Data Type | Description |
|---|---|---|
| Data Block Type | uint32 | Initiates a String data block. This value is always 0. |
| Data Block Length | uint32 | Combined length in bytes of the string data block header and string data. |
| String Data | string | Contains the string data and may contain a terminating character (null byte) at the end of the string. |

BLOB Data Block
The eStreamer service uses the BLOB data block to convey binary data. For example, host discovery
records use the BLOB block to hold captured server banners. The BLOB data block has a block type of
1 in the series 2 group of blocks.
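
The following is an added example, not code from the Cisco guide, of a defensive reader for the String data block described above: it bounds the string by Data Block Length instead of searching for a null byte, and it accepts the 8-byte empty block. Big-endian field order, UTF-8 decoding, and the names parse_string_block, parse_string_blocks, BlockError and SAMPLE are assumptions of this example.

```python
import struct

HEADER = struct.Struct(">II")  # Data Block Type, Data Block Length (big-endian assumed)
STRING_BLOCK_TYPE = 0          # series 2 String data block


class BlockError(ValueError):
    """Raised when a buffer does not hold a well-formed String data block."""


def parse_string_block(buf, offset=0):
    """Parse one String block at buf[offset:]; return (text, next_offset)."""
    if len(buf) - offset < HEADER.size:
        raise BlockError("truncated block header")
    block_type, block_len = HEADER.unpack_from(buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise BlockError(f"expected block type 0, got {block_type}")
    # Block length counts the 8 header bytes, so 8 is the minimum (empty string).
    if block_len < HEADER.size:
        raise BlockError(f"block length {block_len} is smaller than the header")
    end = offset + block_len
    if end > len(buf):
        raise BlockError("block length runs past the end of the buffer")
    raw = buf[offset + HEADER.size:end]
    # The terminator is optional: the length field bounds the string, and a
    # trailing null byte is dropped if the sender included one.
    raw = raw.rstrip(b"\x00")
    # Character encoding is not stated on this page; UTF-8 is an assumption.
    return raw.decode("utf-8", errors="replace"), end


def parse_string_blocks(buf):
    """Parse back-to-back String blocks until the buffer is consumed."""
    out, offset = [], 0
    while offset < len(buf):
        text, offset = parse_string_block(buf, offset)
        out.append(text)
    return out


# Constructed sample: an empty block, "Linux" without a terminator,
# and "Apache" followed by a null byte.
SAMPLE = (
    b"\x00\x00\x00\x00\x00\x00\x00\x08"
    b"\x00\x00\x00\x00\x00\x00\x00\x0d" b"Linux"
    b"\x00\x00\x00\x00\x00\x00\x00\x0f" b"Apache\x00"
)

if __name__ == "__main__":
    print(parse_string_blocks(SAMPLE))
```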