Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Introduction
Chapter 1
Descriptions of the data structures returned by eStreamer make up the majority
of this book. The chapters in the book are:
• , which provides an overview of eStreamer communications, details some of the requirements for writing eStreamer client applications, and describes the four types of messages used to send commands to and receive data from the eStreamer service.
• , which documents the data formats used to return event data generated by the intrusion detection and correlation components and the data formats used to represent the intrusion and correlation events.
• , which documents the data formats used to return discovery, user, and connection event data.
• , which documents the data formats that eStreamer uses to return full host information data when it receives a host information request message.
• , which documents how to configure the eStreamer on a Defense Center or managed device. The chapter also documents the eStreamer command-line switches and provides instructions for manually starting and stopping the eStreamer service and for configuring the Defense Center or managed device to start eStreamer automatically.
• , which provides examples of eStreamer message packets in binary format.
• , which documents the structure of legacy data structures that are no longer in use by the currently shipping product but may be used by older clients.
Prerequisites
To understand the information in this guide, you should be familiar with the
features and nomenclature of the Sourcefire 3D System and the function of its
components in general, and with the different types of event data these
components generate in particular. Definitions of unfamiliar or product-specific
terms can frequently be obtained from the Sourcefire 3D System eStreamer
Integration Guide.