Cisco Cisco Firepower Management Center 2000 Guia Do Programador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

200

Understanding Discovery & Connection Data Structures

Metadata for Discovery Events

Chapter 4

Discovery Event Header Fields

IELD

ATA

YPES

ESCRIPTION

Device ID

uint32

ID number of the device that generated the

discovery event. You can obtain the metadata

for the device by requesting Version 3 and 4

metadata. See

Managed Device Record

Metadata

on page 99 for more information.

Legacy IP

Address

uint32

IPv4 address of the host involved in the event.

If the Has IPv6 flag is set, this will contain

0.0.0.0

MAC Address

uint8[6]

MAC address of the host involved in the event.

Has IPv6

uint8

Flag indicating that the host has an IPv6

address.

Reserved for

future use

uint8

Reserved for future use

Event Second

uint32

UNIX timestamp (seconds since 01/01/1970)

that the system generated the event.

Event

Microsecond

uint32

Microsecond (one millionth of a second)

increment that the system generated the

event.

Event Type

uint32

Event type (1000 for new events, 1001 for

change events, 1002 for user input events,

1050 for full host profile). See

Host Discovery

Structures by Event Type

on page 205 for a list

of available event types.

Event Subtype

uint32

Event subtype. See

Host Discovery Structures

by Event Type

on page 205 for a list of available

event subtypes.

File Number

byte[4]

Serial file number. This field is for Sourcefire

internal use and can be disregarded.

File Position

byte[4]

Event’s position in the serial file. This field is

for Sourcefire internal use and can be

disregarded.

IPv6 Address

uin8[16]

IPv6 address. This field is present and used if

the Has IPv6 flag is set.