Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Web Application Record
The system detects the content of HTTP traffic from websites, if available. Web
application metadata for a host discovery event may include the specific type of
content (for example, WMV or QuickTime).
The eStreamer service transmits the web application metadata for an event
within a Web Application record, the format of which is shown below. (Web
application metadata is sent when one of the metadata flags—bits 1, 14, 15, or
page 30.) Note that the Record Type field, which appears after the Message
Length field, has a value of 109, indicating a Web Application record.
The table describes the fields in the Web Application record.
User Record Fields

Field       | Data Type | Description
------------|-----------|----------------------------------------------------------
User ID     | uint32    | The ID string for the user.
Protocol    | uint32    | The protocol for the traffic where the user was detected.
Name Length | uint32    | The number of bytes included in the user name.
Name        | string    | The name of the user.
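Byte  |       0       |       1       |       2       |       3       |
Bit   |      0-7      |     8-15      |     16-23     |     24-31     |
      +-------------------------------+-------------------------------+
      |      Header Version (1)       |       Message Type (4)        |
      +-------------------------------+-------------------------------+
      |                        Message Length                         |
      +---------------------------------------------------------------+
      |                       Record Type (109)                       |
      +---------------------------------------------------------------+
      |                         Record Length                         |
      +---------------------------------------------------------------+
      |                        Application ID                         |
      +---------------------------------------------------------------+
      |                          Name Length                          |
      +---------------------------------------------------------------+
      |                            Name...                            |
      +---------------------------------------------------------------+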
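
A bounds-checked parser for the Web Application record layout above, as an added example that is not part of the original guide or of any Cisco client code. It assumes network (big-endian) byte order, that Message Length counts the bytes after the 8-byte message header, and that Record Length counts the bytes after the Record Length field; the function names and the sample record are constructed for illustration.

```python
import struct

# Fixed-size fields from the diagram. Big-endian is an assumption (not stated on this page).
HEADER = struct.Struct(">HHIII")  # Header Version, Message Type, Message Length, Record Type, Record Length
BODY = struct.Struct(">II")       # Application ID, Name Length
WEB_APP_RECORD_TYPE = 109


class RecordError(ValueError):
    """Raised when a buffer is not a well-formed Web Application record."""


def parse_web_application_record(buf: bytes) -> dict:
    """Parse one framed message; never trust a length field before checking it."""
    if len(buf) < HEADER.size + BODY.size:
        raise RecordError("buffer shorter than the fixed-size fields")
    version, msg_type, msg_len, rec_type, rec_len = HEADER.unpack_from(buf, 0)
    if (version, msg_type, rec_type) != (1, 4, WEB_APP_RECORD_TYPE):
        raise RecordError("not a Web Application record")
    # Assumed semantics: Message Length excludes the 8-byte message header,
    # Record Length excludes the 8 bytes of Record Type + Record Length.
    if msg_len + 8 != len(buf) or rec_len + HEADER.size > len(buf):
        raise RecordError("length fields disagree with the buffer size")
    app_id, name_len = BODY.unpack_from(buf, HEADER.size)
    # Name Length comes from the peer: it must fit inside the declared record.
    if name_len > rec_len - BODY.size:
        raise RecordError("Name Length runs past the end of the record")
    start = HEADER.size + BODY.size
    name = buf[start:start + name_len].rstrip(b"\x00")
    return {"application_id": app_id, "name": name.decode("utf-8", "replace")}


def build_sample(app_id: int, name: bytes) -> bytes:
    """Build a constructed sample record (not captured traffic)."""
    rec_len = BODY.size + len(name)
    return (HEADER.pack(1, 4, rec_len + 8, WEB_APP_RECORD_TYPE, rec_len)
            + BODY.pack(app_id, len(name)) + name)


if __name__ == "__main__":
    print(parse_web_application_record(build_sample(1234, b"QuickTime")))
```
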