Cisco Cisco Firepower Management Center 4000 Guide Du Développeur
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
223
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
User Modification Messages
When any of the following events occurs through system detection, a user
modification message is sent:
•
a new user is detected (a New User Identity event—event type 1004,
subtype 1),
•
a user is removed (a Delete User Identity event—event type 1004, subtype
3)
•
a user is dropped (a User Identity Dropped: User Limit Reached event—
event type 1004, subtype 4)
User Modification event messages have a standard discovery event header (as
on page 198) and a User
Information data block (as documented in
User Information Update Message Block
When the login changes for a user (a User Login event—event type 1004,
subtype 2) detected by the system, a user information update message is sent.
User Information Update event messages have a standard discovery event
User Information Update event messages have a standard discovery event
header (as documented in
on page 198) and a User
Login Information data block (as documented in
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
User Information Data Block