Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Generic Scan Result Data Block for 4.9.1.x and earlier Fields (Continued)

| Field | Number of Bytes | Description |
|---|---|---|
| Scan Result Subtype | string | Scan result subtype. |
| String Block Type | uint32 | Initiates a String data block that contains the value. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the value String data block, including eight bytes for the block type and length fields, plus the number of bytes in the value. |
| Scan result value | string | Scan result value. |

Scan Result Data Block for 4.6.1 - 4.9.1.x
The Scan Result data block describes a vulnerability and is used within Add Scan
Result events (event type 1002, subtype 11). The Scan Result data block has a
block type of 72.
The following diagram shows the format of a Scan Result data block:
Byte: 0 1 2 3 (Bit: 0 - 31)

Fields, in the order shown in the diagram:
    Scan Result Block Type (72)
    Scan Result Block Length
    User ID
    Scan Type
    IP Address
    Port
    Protocol
  Scan Vulnerability List
    List Block Type (11)
    List Block Length
  Vulnerability List
    Scan Vulnerability Block Type (44)
    Scan Vulnerability Block Length
    Vulnerability Data*...
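
The String Block Type and String Block Length fields in the table above decide how many bytes a client reads, so a parser should validate both before slicing the value. The following is an added example, not code from this guide or from Cisco: the function names are hypothetical, the sample bytes are constructed, and big-endian (network) byte order is an assumption that this page does not state.

```python
import struct

STRING_BLOCK_TYPE = 0  # from the page: the String block type is always 0
HEADER_LEN = 8         # from the page: block type (uint32) + block length (uint32)


def read_string_block(buf, offset=0):
    """Return (value_bytes, next_offset) for the String data block at offset."""
    if offset < 0 or len(buf) - offset < HEADER_LEN:
        raise ValueError("truncated String block header")
    # Assumption: fields are in network byte order (big-endian).
    block_type, block_len = struct.unpack_from(">II", buf, offset)
    if block_type != STRING_BLOCK_TYPE:
        raise ValueError("unexpected block type %d" % block_type)
    # The length counts its own 8-byte header, so a smaller value is malformed
    # and would otherwise yield a negative-size or backwards slice.
    if block_len < HEADER_LEN:
        raise ValueError("block length %d is smaller than the header" % block_len)
    end = offset + block_len
    # Never trust the declared length beyond the bytes actually received.
    if end > len(buf):
        raise ValueError("block length %d runs past end of buffer" % block_len)
    return buf[offset + HEADER_LEN:end], end


def read_string_blocks(buf, count):
    """Read `count` consecutive String data blocks and return their values."""
    values, offset = [], 0
    for _ in range(count):
        value, offset = read_string_block(buf, offset)
        values.append(value)
    return values


def make_string_block(value):
    """Build a String data block for constructed test input."""
    return struct.pack(">II", STRING_BLOCK_TYPE, HEADER_LEN + len(value)) + value


if __name__ == "__main__":
    # Constructed sample: a subtype string followed by a value string.
    sample = make_string_block(b"subtype-A") + make_string_block(b"value-1")
    print(read_string_blocks(sample, 2))
    # Constructed malformed block: declares 100 bytes but carries only 10.
    bad = struct.pack(">II", STRING_BLOCK_TYPE, 100) + b"xx"
    try:
        read_string_block(bad)
    except ValueError as exc:
        print("rejected:", exc)
```

The value is returned as raw bytes because this page does not state a character encoding for string fields.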