Cisco Firepower Management Center 2000 Developer Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following diagram shows the format of an identity data block for 4.9+.
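
 Byte 0          Byte 1          Byte 2          Byte 3
 Bits 0-7        Bits 8-15       Bits 16-23      Bits 24-31
+---------------------------------------------------------------+
| Identity Data Block Type (94)                                 |
+---------------------------------------------------------------+
| Identity Data Block Length                                    |
+---------------------------------------------------------------+
| Identity Data Source Type                                     |
+---------------------------------------------------------------+
| Identity Data Source ID                                       |
+---------------------------------------------------------------+
| Identity UUID                                                 |
+---------------------------------------------------------------+
| Identity UUID, continued                                      |
+---------------------------------------------------------------+
| Identity UUID, continued                                      |
+---------------------------------------------------------------+
| Identity UUID, continued                                      |
+-------------------------------+-------------------------------+
| Port                          | Protocol                      |
+-------------------------------+-------------------------------+
| Server Map ID                                                 |
+---------------------------------------------------------------+

The following table describes the fields of the Cisco identity data block.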
Table 4-64 Identity Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Identity Data Block Type | uint32 | Initiates the Identity data block. This value is always 94. |
| Identity Data Block Length | uint32 | Number of bytes in the Identity data block. This value should always be 40: sixteen bytes for the data block type and length fields and the source type and ID fields, sixteen bytes for the fingerprint UUID value, two bytes for the port, two bytes for the protocol, and four bytes for the SM ID. |
| Identity Data Source Type | uint32 | Number that maps to the type of data source: 0 if the fingerprint data was provided by RNA; 1 if the fingerprint data was provided by a user; 2 if the fingerprint data was provided by a third-party scanner; 3 if the fingerprint data was provided by a command line tool such as nmimport.pl or the Host Input API client. |
| Identity Data Source ID | uint32 | Identification number that maps to the source of the fingerprint data. Depending on the source type, this may map to RNA, a user, a scanner, or a third-party application. |
| UUID | uint8[16] | If the identity is an operating system identity, the identification number, in octets, that acts as a unique identifier for the fingerprint. |
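
The following Python parser is an added example, not code from the Cisco guide: it decodes one identity data block as laid out above and rejects buffers whose type or length field does not match the documented fixed values. It assumes network byte order, a uint16 Port and Protocol, and a uint32 Server Map ID (inferred from the byte counts in the Block Length description); the names `parse_identity_block`, `build_sample_block` and `IdentityBlockError` are hypothetical.

```python
import struct
import uuid

IDENTITY_BLOCK_TYPE = 94   # fixed type value from the field table
IDENTITY_BLOCK_LEN = 40    # fixed length from the field table
# Assumptions (not stated on this page): network byte order; Port and
# Protocol are uint16 and Server Map ID is uint32, matching the 2/2/4 byte
# counts in the Block Length description.
_LAYOUT = struct.Struct(">IIII16sHHI")
SOURCE_TYPES = {0: "RNA", 1: "user", 2: "third-party scanner",
                3: "command line tool or Host Input API client"}


class IdentityBlockError(ValueError):
    """Raised when a buffer does not hold a well-formed identity block."""


def parse_identity_block(buf, offset=0):
    """Return (fields, next_offset) for the identity block at offset."""
    if offset < 0 or len(buf) - offset < _LAYOUT.size:
        raise IdentityBlockError("truncated identity data block")
    (btype, blen, src_type, src_id, raw_uuid,
     port, proto, sm_id) = _LAYOUT.unpack_from(buf, offset)
    if btype != IDENTITY_BLOCK_TYPE:
        raise IdentityBlockError("unexpected block type %d" % btype)
    # Reject any length other than 40 rather than trusting it to advance.
    if blen != IDENTITY_BLOCK_LEN:
        raise IdentityBlockError("unexpected block length %d" % blen)
    fields = {
        "source_type": src_type,
        "source": SOURCE_TYPES.get(src_type, "unknown"),
        "source_id": src_id,
        "uuid": uuid.UUID(bytes=raw_uuid),
        "port": port,
        "protocol": proto,
        "server_map_id": sm_id,
    }
    return fields, offset + blen


def build_sample_block():
    """Constructed sample block (all values are made up for illustration)."""
    fp = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
    return _LAYOUT.pack(IDENTITY_BLOCK_TYPE, IDENTITY_BLOCK_LEN,
                        2, 7, fp.bytes, 443, 6, 1)


if __name__ == "__main__":
    print(parse_identity_block(build_sample_block()))
```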