Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
539
Understanding Legacy Data Structures
Legacy Discovery Data Structures
Appendix B
Host Client Application Data Block for 4.9.1 - 4.10.x
The Client Application data block for 4.9.1 - 4.10.x describes a client application
and is used within New Client Application events (event type 1001, subtype 7)
and Client Application Timeout events (event type 1001, subtype 20). The Client
Application data block for 4.9.1 - 4.10.x has a block type of 100. Its successor,
introduced for 5.0+, has a block type of 122.
The following diagram shows the basic structure of a Client Application data
The following diagram shows the basic structure of a Client Application data
block:
Hits
uint32
Number of times the system has detected the
client application in use.
Last Used
uint32
UNIX timestamp that represents the last time the
system detected the client in use.
Type ID
uint32
Identification number of the detected client
application type, if applicable.
ID
uint32
Identification number of the detected client
application, if applicable.
String Block
Type
uint32
Initiates a String data block for the client
application version. This value is always 0.
String Block
Length
uint32
Number of bytes in the String data block for the
client application name, including eight bytes for
the string block type and length plus the number
of bytes in the client application version.
Version
string
Client application version.
Client Application Data Block 3.5 - 4.9.0.x Fields (Continued)
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Client Application Block Type (100)
Client Application Block Length
Hits
Last Used