Cisco Cisco Firepower Management Center 4000 開発者ガイド

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

363

Understanding Discovery & Connection Data Structures

User Data Blocks

Chapter 4

The

User Data Block Type

table lists the user data blocks that can appear in user

event messages. Data blocks are listed by data block type. Current data blocks

are the latest versions. Legacy blocks are supported but not produced by the

current version of the Sourcefire 3D System.

User Data Block Type

YPE

ONTENT

ATA

LOCK

ATEGORY

ESCRIPTION

User Login

Information

Legacy

Contains changes in login

information for users detected by

the system. See

User Login

Information Data Block 5.1+

page 378 for more information. The

successor block type introduced for

version 5.0 has the same structure

as block type 73 but with different

data in the fields.

User Account

Update

Message

Current

Contains changes in user account

information. See

User Account

Update Message Data Block

page 364 for more information.

User

Information

for 4.7 - 4.10.x

Legacy

Contains changes in information for

users detected by the system. See

User Information Data Block

page 375 for more information. The

successor block type 120 introduced

for version 5.0 has the same

structure as block type 75.

120

User

Information

for 5.0+

Current

Contains changes in information for

users detected by the system. See

User Information Data Block

page 375 for more information.

Supersedes block type 75.

121

User Login

Information

Legacy

Contains changes in login

information for users detected by

the system. See

User Login

Information Data Block for 5.0 - 5.0.2

on page 565 for more information.

Differs from block 73 in the content

of the Protocol field, which stores

the Version 5.0+ application ID for

the application protocol ID detected

in the event. The successor block

introduced for version 5.1 has block

type 127.