Cisco Cisco Firepower Management Center 4000 Developer Guide
B-61
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Discovery Data Structures
[Diagram, continued: byte (0-3) and bit (0-31) layout of the User Product List: Generic List Block Type (31), Generic List Block Length, User Product Data Blocks*]

The following table describes the fields of the Scan Result data block.
Table B-14 Scan Result Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Scan Result Block Type | uint32 | Initiates a Scan Result data block. This value is always 102. |
| Scan Result Block Length | uint32 | Number of bytes in the Scan Vulnerability data block, including eight bytes for the scan vulnerability block type and length fields, plus the number of bytes of scan vulnerability data that follows. |
| User ID | uint32 | Contains the user identification number for the user who imported the scan result or ran the scan that produced the scan result. |
| Scan Type | uint32 | Indicates how the results were added to the system. |
| IP Address | uint32 | IP address of the host affected by the vulnerabilities in the result, in IP address octets. |
| Port | uint16 | Port used by the sub-server affected by the vulnerabilities in the results. |
| Protocol | uint16 | IANA protocol number. For example: 1 - ICMP, 4 - IP, 6 - TCP, 17 - UDP. |
| Flag | uint16 | Reserved |
| List Block Type | uint32 | Initiates a List data block comprising Scan Vulnerability data blocks conveying transport Scan Vulnerability data. This value is always 11. |
| List Block Length | uint32 | Number of bytes in the list. This number includes the eight bytes of the list block type and length fields, plus all encapsulated Scan Vulnerability data blocks. This field is followed by zero or more Scan Vulnerability data blocks. |
| Scan Vulnerability Block Type | uint32 | Initiates a Scan Vulnerability data block describing a vulnerability detected during a scan. This value is always 109. |
| Scan Vulnerability Block Length | uint32 | Number of bytes in the Scan Vulnerability data block, including eight bytes for the scan vulnerability block type and length fields, plus the number of bytes in the scan vulnerability data that follows. |
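
A bounds-checked parser for the layout in Table B-14, added here as an illustration and not taken from the Cisco guide. It walks the Scan Vulnerability list by length only and rejects any length field that would stall the loop or read past its parent block. Assumptions: network byte order, fields packed in table order without padding, Scan Result Block Length covering the whole Scan Result block, and the hypothetical names `parse_scan_result`, `HEADER` and `SAMPLE`.

```python
import ipaddress
import struct

# Fixed fields in Table B-14 order; big-endian with no padding is an assumption.
HEADER = struct.Struct(">IIIIIHHHII")
SCAN_RESULT, LIST, SCAN_VULN = 102, 11, 109
PROTOCOLS = {1: "ICMP", 4: "IP", 6: "TCP", 17: "UDP"}


def parse_scan_result(buf: bytes) -> dict:
    """Parse the Scan Result fields of Table B-14, validating every length."""
    if len(buf) < HEADER.size:
        raise ValueError("buffer shorter than the fixed Scan Result fields")
    (btype, blen, user_id, scan_type, ip, port, proto, _flag,
     ltype, llen) = HEADER.unpack_from(buf)
    if btype != SCAN_RESULT:
        raise ValueError(f"block type {btype}, expected {SCAN_RESULT}")
    if not HEADER.size <= blen <= len(buf):
        raise ValueError(f"block length {blen} does not fit buffer of {len(buf)}")
    if ltype != LIST:
        raise ValueError(f"list block type {ltype}, expected {LIST}")
    list_end = HEADER.size - 8 + llen  # list length counts its own 8-byte header
    if llen < 8 or list_end > blen:
        raise ValueError(f"list block length {llen} overruns the parent block")
    vulns, off = [], HEADER.size
    while off < list_end:
        if list_end - off < 8:
            raise ValueError("truncated Scan Vulnerability block header")
        vtype, vlen = struct.unpack_from(">II", buf, off)
        if vtype != SCAN_VULN:
            raise ValueError(f"block type {vtype} in list, expected {SCAN_VULN}")
        # vlen < 8 would stall the loop; vlen past list_end would read foreign data.
        if vlen < 8 or off + vlen > list_end:
            raise ValueError(f"vulnerability block length {vlen} is invalid")
        vulns.append(buf[off + 8:off + vlen])  # body left opaque
        off += vlen
    return {"user_id": user_id, "scan_type": scan_type,
            "ip": str(ipaddress.IPv4Address(ip)), "port": port,
            "protocol": PROTOCOLS.get(proto, str(proto)),
            "vulnerabilities": vulns, "trailing": buf[list_end:blen]}


# Constructed sample (not captured traffic): two vulnerability blocks, opaque bodies.
_BLOCKS = b"".join(struct.pack(">II", SCAN_VULN, 8 + len(b)) + b
                   for b in (b"AAAA", b"BB"))
SAMPLE = HEADER.pack(SCAN_RESULT, HEADER.size + len(_BLOCKS), 7, 1, 0xC000020A,
                     443, 6, 0, LIST, 8 + len(_BLOCKS)) + _BLOCKS
```

Bytes after the vulnerability list, such as the User Product List shown in the diagram, are returned uninterpreted under `trailing`.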