Developer Guide for Cisco Firepower Management Center 4000
4-34
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Discovery and Connection Event Types and Subtypes
Table 4-25 Discovery Event Header Fields (continued)

Field              Data Types  Description
Event Microsecond  uint32      Microsecond (one millionth of a second) increment at which the system generated the event.
Event Type         uint32      Event type (1000 for new events, 1001 for change events, 1002 for user input events, 1050 for full host profile). See Table 4-26 for a list of available event types.
Event Subtype      uint32      Event subtype. See Table 4-26 for a list of available event subtypes.
File Number        byte[4]     Serial file number. This field is for Cisco internal use and can be disregarded.
File Position      byte[4]     Event's position in the serial file. This field is for Cisco internal use and can be disregarded.
IPv6 Address       uint8[16]   IPv6 address. This field is present and used only if the Has IPv6 flag is set.

The values in the Event Type and Event Subtype fields identify and classify the event contained in a host discovery or user data message. They also identify the structure of the data in the message.

The following table lists the event types and event subtypes for discovery and connection events.
Table 4-26 Discovery and Connection Events by Type and Subtype

Event Name                     Event Type  Event Subtype
New Host                       1000        1
New TCP Server                 1000        2
New Network Protocol           1000        3
New Transport Protocol         1000        4
New IP to IP Traffic           1000        5
New UDP Server                 1000        6
New Client Application         1000        7
New OS                         1000        8
New IPv6 to IPv6 Traffic       1000        9
Host IP Address Changed        1001        1
OS Information Update          1001        2
Host IP Address Reused         1001        3
Vulnerability Change           1001        4
Hops Change                    1001        5
TCP Server Information Update  1001        6
Host Timeout                   1001        7
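As an added example (not code from the guide or from Cisco's eStreamer client), the Table 4-25 header fields shown on this page can be unpacked and the Event Type / Event Subtype pair resolved against Table 4-26 before the rest of the record is interpreted. It assumes big-endian byte order, that the caller passes in the Has IPv6 flag from the part of the header not reproduced here, and uses constructed sample bytes.

```python
import ipaddress
import struct

# Event types named in the Event Type description of Table 4-25.
EVENT_TYPE_KINDS = {1000: "new", 1001: "change", 1002: "user input", 1050: "full host profile"}
# (Event Type, Event Subtype) -> Event Name, transcribed from Table 4-26.
EVENT_NAMES = {
    (1000, 1): "New Host", (1000, 2): "New TCP Server",
    (1000, 3): "New Network Protocol", (1000, 4): "New Transport Protocol",
    (1000, 5): "New IP to IP Traffic", (1000, 6): "New UDP Server",
    (1000, 7): "New Client Application", (1000, 8): "New OS",
    (1000, 9): "New IPv6 to IPv6 Traffic",
    (1001, 1): "Host IP Address Changed", (1001, 2): "OS Information Update",
    (1001, 3): "Host IP Address Reused", (1001, 4): "Vulnerability Change",
    (1001, 5): "Hops Change", (1001, 6): "TCP Server Information Update",
    (1001, 7): "Host Timeout",
}
# Fixed-size fields of Table 4-25 in the order listed: Event Microsecond, Event
# Type, Event Subtype (uint32 each), then File Number, File Position (byte[4] each).
# Big-endian (network) byte order is an assumption of this example.
HEADER_TAIL = struct.Struct("!III4s4s")

def parse_header_tail(buf: bytes, has_ipv6: bool) -> dict:
    """Unpack the Table 4-25 fields from Event Microsecond onward.
    has_ipv6 is the Has IPv6 flag from the part of the header not shown on this
    page, so the caller supplies it. Unknown event types are rejected, because
    the type also determines the layout of the data that follows the header."""
    if len(buf) < HEADER_TAIL.size:
        raise ValueError("truncated header: %d bytes" % len(buf))
    usec, etype, subtype, fnum, fpos = HEADER_TAIL.unpack_from(buf, 0)
    if etype not in EVENT_TYPE_KINDS:
        raise ValueError("unknown event type %d" % etype)
    ipv6 = None
    if has_ipv6:  # IPv6 Address is present only when the Has IPv6 flag is set
        end = HEADER_TAIL.size + 16
        if len(buf) < end:
            raise ValueError("Has IPv6 set but the IPv6 Address field is missing")
        ipv6 = ipaddress.IPv6Address(buf[HEADER_TAIL.size:end]).compressed
    return {
        "event_microsecond": usec, "event_type": etype, "event_subtype": subtype,
        "event_kind": EVENT_TYPE_KINDS[etype],
        "event_name": EVENT_NAMES.get((etype, subtype), "unlisted (%d/%d)" % (etype, subtype)),
        "file_number": fnum, "file_position": fpos,  # Cisco internal use; kept for logging only
        "ipv6_address": ipv6,
    }

# Constructed sample: a New Host (1000/1) event at microsecond 250000 with address ::1.
SAMPLE = HEADER_TAIL.pack(250000, 1000, 1, b"\0\0\0\x07", b"\0\0\x01\0") + ipaddress.IPv6Address("::1").packed
```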