Cisco Cisco Firepower Management Center 4000 Guide Du Développeur

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

339

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

Operating System Fingerprint Data Block 5.1+

The Operating System Fingerprint data block has a block type of 130 in the series 

1 group of blocks. The block includes a fingerprint Universally Unique Identifier 

(UUID), as well as the fingerprint type, the fingerprint source type, and the 

fingerprint source ID. 

Vulnerability 

ID

uint32

The Sourcefire vulnerability ID.

Third-Party 

Vulnerability 

UUID

uint8 [16]

A unique ID number for the third-party 

vulnerability, if one exists. Otherwise, the value 

is 0.

String Block 

Type

uint32

Initiates a String data block for the vulnerability 

name. The value is always 0.

String Block 

Length

uint32

The number of bytes in the String data block for 

the vulnerability name, including eight bytes for 

the string block type and length, plus the 

number of bytes in the vulnerability name.

Vulnerability 

Name

string

The vulnerability name.

Client 

Application ID

uint32

The application ID of the client application. For 

server vulnerabilities, the value is 0.

Application 

Protocol ID

uint32

The application ID of the application protocol 

used by client application. For server 

vulnerabilities, the value is 0.

String Block 

Type

uint32

Initiates a String data block for the version 

string. The value is always 0.

String Block 

Length

uint32

The number of bytes in the String data block for 

the version, including eight bytes for the string 

block type and length, plus the number of bytes 

in the client application version string.

Version

string

The client application version. For server 

vulnerabilities, the value is 0.

User Vulnerability Data Block Fields (Continued)