Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 2
Understanding the eStreamer Application Protocol
The FireSIGHT System Event Streamer (eStreamer) uses a message-oriented protocol to stream events
and host profile information to your client application. Your client can request event and host profile data
from a Defense Center, and intrusion event data only from a managed device. Your client application
initiates the data stream by submitting request messages, which specify the data to be sent, and then
controls the message flow from the Defense Center or managed device after streaming begins.
Throughout this document, the eStreamer service on the Defense Center or a managed device may be
referred to as the eStreamer server or eStreamer.
The following sections describe requirements for connecting to the eStreamer service and introduce
commands and data formats used in the eStreamer protocol:
• describes the communication flow between the eStreamer service and your client and describes how the client interacts with it.
• describes the communication protocol for client applications to submit data requests to the eStreamer server and for eStreamer to deliver the requested information to the client.
• describes the message types used in the eStreamer protocol; discusses the basic structure of data packets used by eStreamer to return intrusion event data, discovery event data, metadata, and host data to a client; and provides other information to help you write a client that can interpret eStreamer messages.
Connection Specifications
The eStreamer service:
• Communicates using TCP over an SSL connection (the client application must support SSL-based authentication).
• Accepts connection requests on port 8302.
• Waits for the client to initiate all communication sessions.
• Writes all message fields in network byte order (big endian).
• Encodes text in UTF-8.
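The connection specifications above, sketched as client-side Python. This is an added example, not code from the guide or from Cisco. It assumes the client certificate is available as PEM files at caller-supplied paths and that the server accepts TLS 1.2. The 8-byte header layout (16-bit version, 16-bit message type, 32-bit length) and the size cap are assumptions for illustration, since this section does not define the message format.

```python
import socket
import ssl
import struct

ESTREAMER_PORT = 8302            # port from the connection specifications
HEADER = struct.Struct("!HHI")   # ASSUMED layout; "!" = network byte order (big endian)
MAX_PAYLOAD = 1 << 20            # local sanity cap chosen for this example

def make_client_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context that verifies the server and can present a client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # policy choice for this example
    if cert_file:                # hypothetical PEM paths supplied by the caller
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def connect(host, ctx, timeout=10.0):
    """The client always opens the session; the server only listens."""
    raw = socket.create_connection((host, ESTREAMER_PORT), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)

def recv_exact(read, n):
    """Collect exactly n bytes; a single TCP/TLS read may return fewer."""
    buf = bytearray()
    while len(buf) < n:
        chunk = read(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the stream mid-message")
        buf += chunk
    return bytes(buf)

def read_message(read):
    """Parse one length-prefixed message and return (version, type, payload)."""
    version, msg_type, length = HEADER.unpack(recv_exact(read, HEADER.size))
    if length > MAX_PAYLOAD:     # never trust a peer-declared length blindly
        raise ValueError(f"declared length {length} exceeds cap")
    return version, msg_type, recv_exact(read, length)

def decode_text(payload):
    """Text fields are UTF-8; strict decoding rejects malformed bytes."""
    return payload.decode("utf-8", errors="strict")
```

On a live session, pass the socket's `recv` method to the parser: `read_message(connect(host, ctx).recv)`.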