Cisco Cisco Firepower Management Center 2000 Guide Du Développeur
4-104
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following diagram shows the structure of a User Attribute Value data block:
The following table describes the fields of the User Attribute Value data block.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
User Attribute Value Data Block Type (82)
User Attribute Value Block Length
IP Address
Range Blocks
Generic List Block Type (31)
Generic List Block Length
IP Address Range Specification Data Blocks...
Source ID
Source Type
Attribute ID
Value
BLOB Block Type (10)
BLOB Block Length
Value...
Table 4-61
User Attribute Value Data Block Fields
Field
Number of
Bytes
Bytes
Description
User Attribute Value
Data Block Type
Data Block Type
uint32
Initiates a User Attribute Value data block. This value is always
82
.
User Attribute Value
Block Length
Block Length
uint32
Total number of bytes in the Attribute Value data block, including
eight bytes for the user attribute value block type and length
fields, plus the number of bytes of user attribute value data that
follows.
eight bytes for the user attribute value block type and length
fields, plus the number of bytes of user attribute value data that
follows.
Generic List Block
Type
Type
uint32
Initiates a Generic List data block. This value is always
31
.
Generic List Block
Length
Length
uint32
Number of bytes in the Generic List block and encapsulated data
blocks. This number includes the eight bytes of the generic list
block header fields, plus the number of bytes in all of the
encapsulated data blocks.
blocks. This number includes the eight bytes of the generic list
block header fields, plus the number of bytes in all of the
encapsulated data blocks.
IP Address Range
Specification Data
Blocks
Specification Data
Blocks
variable
IP Address Range Specification data blocks (each with a start IP
address and end IP address) up to the maximum number of bytes
in the list block length.
address and end IP address) up to the maximum number of bytes
in the list block length.