Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
4-47
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Connection Chunk Message
The Connection Chunk event has a standard discovery event header (as documented in
) followed by a Connection Chunk data block. The format differs depending on
the system version. For information on connection chunk data block format for the current version, see
. The Connection Chunk data block is block type
136 in series 1.
User Set Vulnerabilities Messages for Version 4.6.1+
User Set Valid Vulnerabilities, User Set Invalid Vulnerabilities, and User Vulnerability Qualification
messages use the same data format: the standard discovery event header (see
messages use the same data format: the standard discovery event header (see
) followed by a User Vulnerability change data block (see
, block type 80 in series 1). They are differentiated by record type, event
type, and event subtype.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
Connection Statistics Data Block
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
Connection Chunk Data Block