Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
The Security Intelligence Source/Destination Record Fields table describes the fields in the Security Intelligence Source/Destination record.
Discovery Event Header 5.2+
Discovery and connection event messages contain a discovery event header. It
conveys the type and subtype of the event, the time the event occurred, the
device on which the event occurred, and the structure of the event data in the
message. This header is followed by the actual host discovery, user, or
connection event data. The structures associated with the different event
type/subtype values are described in
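Security Intelligence Source/Destination record layout (record type 281). Each row is one 32-bit word (bytes 0-3, bits 0-31); the first word is split into two 16-bit fields.

| Bits | Field |
|---|---|
| 0-15 | Header Version (1) |
| 16-31 | Message Type (4) |
| 0-31 | Message Length |
| 0-31 | Record Type (281) |
| 0-31 | Record Length |
| 0-31 | Security Intelligence Source/Destination ID |
| 0-31 | Security Intelligence Source/Destination Length |
| variable | Security Intelligence Source/Destination... |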
Security Intelligence Source/Destination Record Fields

| Field | Data Type | Description |
|---|---|---|
| Security Intelligence Source/Destination ID | uint32 | The Security Intelligence source/destination ID number. |
| Security Intelligence Source/Destination Length | uint32 | The number of bytes included in the Security Intelligence source/destination. |
| Security Intelligence Source/Destination | string | Whether the detected IP address is a source or destination IP address. |
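
A parser for the Security Intelligence Source/Destination record (type 281) described on this page, added here as an example and not code from the Cisco guide. It checks every declared length against the bytes actually received before reading the string. Assumptions: network byte order, 16-bit Header Version and Message Type fields, and length fields that each count the bytes following their own header; `parse_si_source_destination`, `build_sample` and `RecordError` are hypothetical names.

```python
import struct

HEADER_VERSION = 1              # values shown in the record layout on this page
MESSAGE_TYPE = 4
RECORD_TYPE_SI_SRC_DST = 281


class RecordError(ValueError):
    """Raised when a buffer does not match the layout or its own length fields."""


def parse_si_source_destination(buf: bytes) -> dict:
    """Parse one Security Intelligence Source/Destination record (type 281)."""
    # Big-endian (assumed): version, msg type, msg len, rec type, rec len, id, string len
    fixed = struct.Struct("!HHIIIII")
    if len(buf) < fixed.size:
        raise RecordError("buffer shorter than the fixed-size fields")
    version, msg_type, msg_len, rec_type, rec_len, si_id, str_len = fixed.unpack_from(buf)
    if version != HEADER_VERSION or msg_type != MESSAGE_TYPE:
        raise RecordError(f"unexpected header version/type {version}/{msg_type}")
    if rec_type != RECORD_TYPE_SI_SRC_DST:
        raise RecordError(f"record type {rec_type}, expected 281")
    # Assumed semantics: each length counts the bytes that follow its own header.
    if msg_len != len(buf) - 8 or rec_len != msg_len - 8:
        raise RecordError("message/record length disagrees with buffer size")
    # Never trust the declared string length: it must match what remains.
    if str_len != len(buf) - fixed.size:
        raise RecordError("string length disagrees with remaining bytes")
    text = buf[fixed.size:fixed.size + str_len].rstrip(b"\x00").decode("utf-8", "replace")
    return {"id": si_id, "length": str_len, "source_destination": text}


def build_sample(si_id: int, text: bytes) -> bytes:
    """Constructed sample message for the demo; not captured traffic."""
    body = struct.pack("!II", si_id, len(text)) + text
    record = struct.pack("!II", RECORD_TYPE_SI_SRC_DST, len(body)) + body
    return struct.pack("!HHI", HEADER_VERSION, MESSAGE_TYPE, len(record)) + record


if __name__ == "__main__":
    good = build_sample(1, b"Source")
    print(parse_si_source_destination(good))
    # Inflate the declared string length (bytes 20-23) to show the rejection path.
    tampered = good[:20] + struct.pack("!I", 4096) + good[24:]
    try:
        parse_si_source_destination(tampered)
    except RecordError as exc:
        print("rejected:", exc)
```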