Руководство Разработчика для Cisco Cisco Firepower Management Center 4000
4-99
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
User Hosts Data Block 4.7+
The User Hosts data block is used in
information about host ranges and user and source identity from a user host input event. The User Hosts
data block has a block type of 78 in the series 1 group of blocks.
data block has a block type of 78 in the series 1 group of blocks.
The following diagram shows the basic structure of a User Hosts data block:
Generic List Block
Length
Length
uint32
Number of bytes in the Generic List block and encapsulated data
blocks. This number includes the eight bytes of the generic list block
header fields, plus the number of bytes in all of the encapsulated
data blocks.
blocks. This number includes the eight bytes of the generic list block
header fields, plus the number of bytes in all of the encapsulated
data blocks.
User Server Data
Blocks
Blocks
variable
Encapsulated User Server data blocks up to the maximum number of
bytes in the list block length.
bytes in the list block length.
Table 4-57
User Server List Data Block Fields (continued)
Field
Number of
Bytes
Bytes
Description
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
User Hosts Block Type (78)
User Hosts Block Length
IP
Ranges
Generic List Block Type (31)
Generic List Block Length
IP Range Specification Data Blocks*
MAC
Ranges
Generic List Block Type (31)
Generic List Block Length
MAC Range Specification Data Blocks...
Source ID
Source Type