Руководство Разработчика для Cisco Cisco Firepower Management Center 4000
4-14
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
The following table describes the fields in the Scan Type record.
Server Record
The eStreamer service transmits metadata containing server information for an event within a Server
record, the format of which is shown below. The application ID of the server’s application protocol
provides the cross-reference to the metadata. (Server information is sent when one of the metadata
flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See
record, the format of which is shown below. The application ID of the server’s application protocol
provides the cross-reference to the metadata. (Server information is sent when one of the metadata
flags—bits 1, 14, 15, or 20 in the Request Flags field of a request message—is set. See
.) Note that the Record Type field, which appears after the Message Length field, has a value
of
63
, indicating a Server record.
Name Length
Name...
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Table 4-8
Scan Type Record Fields
Field
Data Type
Description
Scan Type ID
uint32
The scan type ID number.
Name Length
uint32
The number of bytes included in the scan type name.
Name
string
The name of the scan type.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1)
Message Type (4)
Message Length
Record Type (63)
Record Length
Application ID
Name Length
Name...