Cisco Cisco Firepower Management Center 2000 Guia Do Programador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

353

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

User Product Data Block 5.1+

The User Product data block conveys host input data imported from a third party

application, including third party application string mappings. This data block is

used in

Scan Result Data Block 5.2+

on page 308 and

User Server and Operating

System Messages

on page 219. The User Product data block has a block type of

65 in the series 1 group of blocks for versions up to 4.7-4.10.1, a block type of 118

for 4.10.2-5.0.x, and a block type of 134 in the series 1 group of blocks for 5.1+.

Block types 65 and 118 have the same structure.

IMPORTANT!

An asterisk(*) next to a data block name in the following diagram

indicates that multiple instances of the data block may occur.

The following diagram shows the format of the User Product data block:

Host Client

Application

Data Blocks

variable

List of Client Application data blocks. See

Full

Host Client Application Data Block 5.0+

page 331 for a description of this data block.

String Block

Type

uint32

Initiates a String data block for the host

NetBIOS name. This value is always 0.

String Block

Length

uint32

Number of bytes in the String data block,

including eight bytes for the string block type

and length fields, plus the number of bytes in

the NetBIOS name string.

NetBIOS

Name

string

Host NetBIOS name string.

Host Profile Data Block 5.2+ Fields (Continued)

IELD

ATA

YPE

ESCRIPTION

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

User Product Data Block Type (134)

User Product Block Length

Source ID

Source Type