Cisco Firepower Management Center 4000 Developer Guide
4-32
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
The following table describes the fields in the Security Intelligence Source/Destination record.

Table 4-24  Security Intelligence Source/Destination Record Fields

Field                                             Data Type  Description
Security Intelligence Source/Destination ID       uint32     The Security Intelligence source/destination ID number.
Security Intelligence Source/Destination Length   uint32     The number of bytes included in the Security Intelligence source/destination.
Security Intelligence Source/Destination          string     Whether the detected IP address is a source or destination IP address.

Discovery Event Header 5.2+
Discovery and connection event messages contain a discovery event header. It conveys the type and subtype of the event, the time the event occurred, the device on which the event occurred, and the structure of the event data in the message. This header is followed by the actual host discovery, user, or connection event data. The structures associated with the different event type/subtype values are described in . This header has IPv6 support, and deprecates
The event type and event subtype fields of the discovery event header identify the structure of the transmitted event message. After the structure of the event data block is determined, your program can parse the message appropriately.
The shaded rows in the following diagram illustrate the format of the discovery event header.

Byte  0               1               2               3
Bit   0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
      Header Version (1)              | Message Type (4)
      Message Length
      Record Type
      Record Length
      eStreamer Server Timestamp (in events, only if bit 23 is set)
      Reserved for Future Use (in events, only if bit 23 is set)
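As an added example, not code from the guide, the following Python parser walks the header layout shown in the diagram and then the Security Intelligence Source/Destination record of Table 4-24, bounds-checking every length word before it slices, since those lengths arrive from the network. It assumes network byte order, a 16-bit Header Version and 16-bit Message Type ahead of the 32-bit Message Length, that Message Length and Record Length count the bytes that follow them, and that the Table 4-24 length field counts the string bytes; the record type 0x102, the ID 7 and the sample message are constructed placeholders.

```python
import struct

MESSAGE_HEADER_LEN = 8       # Header Version (uint16) + Message Type (uint16) + Message Length (uint32)
EVENT_DATA_MESSAGE_TYPE = 4  # the "Message Type (4)" cell in the diagram

def parse_event_message(buf, timestamps_requested=False):
    """Parse the message header and the discovery event header after it.
    Fields are big-endian. The Server Timestamp and Reserved words exist only
    when bit 23 was set in the event stream request, so the caller says whether
    to expect them. Length fields are untrusted: each is bounds-checked before
    any slice is taken."""
    if len(buf) < 16:
        raise ValueError("truncated: message and record headers need 16 bytes")
    version, msg_type, msg_len, rec_type, rec_len = struct.unpack("!HHIII", buf[:16])
    if version != 1:
        raise ValueError("unsupported header version %d" % version)
    if msg_type != EVENT_DATA_MESSAGE_TYPE:
        raise ValueError("not an event data message (type %d)" % msg_type)
    # Assumption: Message Length counts the bytes after the 8-byte message header.
    if MESSAGE_HEADER_LEN + msg_len > len(buf):
        raise ValueError("truncated: message length %d exceeds buffer" % msg_len)
    offset, timestamp = 16, None
    if timestamps_requested:
        if len(buf) < 24:
            raise ValueError("truncated: timestamp block missing")
        timestamp, _reserved = struct.unpack("!II", buf[16:24])
        offset = 24
    # Assumption: Record Length counts the record body after these header words.
    if offset + rec_len > len(buf):
        raise ValueError("truncated: record length %d exceeds buffer" % rec_len)
    return {"record_type": rec_type, "timestamp": timestamp,
            "data": buf[offset:offset + rec_len]}

def parse_si_source_destination(data):
    """Parse a Security Intelligence Source/Destination record body (Table 4-24):
    uint32 ID, uint32 length, string. Assumption: length counts the string bytes."""
    if len(data) < 8:
        raise ValueError("truncated: record needs ID and length words")
    si_id, si_len = struct.unpack("!II", data[:8])
    if 8 + si_len > len(data):
        raise ValueError("truncated: string length %d exceeds record" % si_len)
    return {"id": si_id, "direction": data[8:8 + si_len].decode("ascii")}

def build_sample(with_timestamp):
    """Constructed message: hypothetical record type 0x102, SI ID 7, string "Source"."""
    body = struct.pack("!II", 7, 6) + b"Source"
    stamp = struct.pack("!II", 1430000000, 0) if with_timestamp else b""
    payload = struct.pack("!II", 0x102, len(body)) + stamp + body
    return struct.pack("!HHI", 1, EVENT_DATA_MESSAGE_TYPE, len(payload)) + payload
```

Passing the wrong value for timestamps_requested shifts the record body by eight bytes, so a collector must derive that flag from the request it actually sent rather than guess it from the data.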