Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
173
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
For metadata records for intrusion and correlation events, see
Fingerprint Record
The eStreamer service transmits the fingerprint metadata for an event within a
Fingerprint record, the format of which is shown below. (Fingerprint metadata is
sent when one of the metadata flags—bits 1, 14, 15, or 20 in the Request Flags
field of a request message—is set. See
on page 30.) Note that the
Record Type field, which appears after the Message Length field, has a value of
54, indicating a Fingerprint record.
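Byte  |       0       |       1       |       2       |       3       |
Bit   | 0 .. 7        | 8 .. 15       | 16 .. 23      | 24 .. 31      |
      +-------------------------------+-------------------------------+
      | Header Version (1)            | Message Type (4)              |
      +-------------------------------+-------------------------------+
      | Message Length                                                |
      +---------------------------------------------------------------+
      | Record Type (54)                                              |
      +---------------------------------------------------------------+
      | Record Length                                                 |
      +---------------------------------------------------------------+
      | Fingerprint UUID                                              |
      | Fingerprint UUID cont.                                        |
      | Fingerprint UUID cont.                                        |
      | Fingerprint UUID cont.                                        |
      +---------------------------------------------------------------+
      | OS Name Length                                                |
      +---------------------------------------------------------------+
      | OS Name...                                                    |
      +---------------------------------------------------------------+
      | OS Vendor Length                                              |
      +---------------------------------------------------------------+
      | OS Vendor...                                                  |
      +---------------------------------------------------------------+
      | OS Version Length                                             |
      +---------------------------------------------------------------+
      | OS Version...                                                 |
      +---------------------------------------------------------------+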
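The following parser is an added example, not code from the guide or from Cisco. It reads the fields shown in the diagram above and rejects any length field that would run past the received buffer. Assumptions: network (big-endian) byte order, 16-bit Header Version and Message Type, 32-bit length and type fields, string lengths that count only the string bytes, and the names RecordError, read_string, parse_fingerprint_record, build_sample and MAX_FIELD_BYTES, which are hypothetical.

```python
import struct
import uuid

RECORD_TYPE_FINGERPRINT = 54   # Record Type value given on the page
MAX_FIELD_BYTES = 1024         # assumed sanity cap, not from the guide

class RecordError(ValueError):
    """Raised when a record is malformed or a length overruns the buffer."""

def read_string(buf, offset):
    # Assumption: 32-bit big-endian length that counts only the string bytes.
    if offset + 4 > len(buf):
        raise RecordError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    offset += 4
    if length > MAX_FIELD_BYTES or offset + length > len(buf):
        raise RecordError(f"declared length {length} overruns the record")
    raw = bytes(buf[offset:offset + length])
    return raw.rstrip(b"\x00").decode("utf-8", "replace"), offset + length

def parse_fingerprint_record(buf):
    # Assumed widths: 16-bit version and type, then three 32-bit fields.
    if len(buf) < 32:
        raise RecordError("shorter than the fixed part of the record")
    version, msg_type, _msg_len, rec_type, _rec_len = struct.unpack_from(">HHIII", buf, 0)
    if (version, msg_type) != (1, 4):
        raise RecordError("unexpected header version or message type")
    if rec_type != RECORD_TYPE_FINGERPRINT:
        raise RecordError(f"record type {rec_type} is not a Fingerprint record")
    record = {"uuid": str(uuid.UUID(bytes=bytes(buf[16:32])))}
    offset = 32
    for name in ("os_name", "os_vendor", "os_version"):
        record[name], offset = read_string(buf, offset)
    return record

def build_sample(name=b"Linux", vendor=b"Example Vendor", version=b"3.x"):
    # Constructed test message; the UUID and strings are made up.
    body = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes
    for text in (name, vendor, version):
        body += struct.pack(">I", len(text)) + text
    # Length fields hold plausible values; the parser does not rely on them.
    return struct.pack(">HHIII", 1, 4, len(body) + 8,
                       RECORD_TYPE_FINGERPRINT, len(body)) + body

if __name__ == "__main__":
    print(parse_fingerprint_record(build_sample()))
```

The parser bounds every read by the bytes actually received instead of trusting Message Length or Record Length, whose counting conventions are not defined on this page.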