Руководство Разработчика для Cisco Cisco Firepower Management Center 4000
4-106
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Generic List data block.
Host Vulnerability Data Block 4.9.0+
The Host Vulnerability data block conveys vulnerabilities that apply to a host. Each Host Vulnerability
data block describes one vulnerability for a host in an event. Host Vulnerability data blocks appear in
the Full Host Profile, Full Host Server, and Full Sub-Server data blocks. The Host Vulnerability data
block has a block type of 85 in the series 1 group of blocks.
data block describes one vulnerability for a host in an event. Host Vulnerability data blocks appear in
the Full Host Profile, Full Host Server, and Full Sub-Server data blocks. The Host Vulnerability data
block has a block type of 85 in the series 1 group of blocks.
User Protocol
Blocks
Generic List Block Type (31)
Generic List Block Length
User Protocol Data Blocks...
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Table 4-62
User Protocol List Data Block Fields
Field
Number of
Bytes
Bytes
Description
User Protocol List
Block Type
Block Type
uint32
Initiates a User Protocol List data block. This value is always
83
.
User Protocol List
Block Length
Block Length
uint32
Total number of bytes in the User Protocol List data block,
including eight bytes for the user protocol list block type and
length fields, plus the number of bytes of user protocol list data
that follows.
including eight bytes for the user protocol list block type and
length fields, plus the number of bytes of user protocol list data
that follows.
Source Type
uint32
Number that maps to the type of data source:
•
0
if the protocol data was provided by RNA
•
1
if the protocol data was provided by a user
•
2
if the protocol data was provided by a third-party scanner
•
3
if the protocol data was provided by a command line tool
such as
nmimport.pl
or the Host Input API client
Source ID
uint32
Identification number that maps to the source of the affected
protocols. Depending on the source type, this may map to RNA, a
user, a scanner, or a third-party application.
protocols. Depending on the source type, this may map to RNA, a
user, a scanner, or a third-party application.
Generic List Block
Type
Type
uint32
Initiates a Generic List data block. This value is always
31
.
Generic List Block
Length
Length
uint32
Number of bytes in the Generic List block and encapsulated data
blocks. This number includes the eight bytes of the generic list
block header fields, plus the number of bytes in all of the
encapsulated data blocks.
blocks. This number includes the eight bytes of the generic list
block header fields, plus the number of bytes in all of the
encapsulated data blocks.
User Protocol Data
Blocks
Blocks
variable
Encapsulated User Protocol data blocks up to the maximum
number of bytes in the list block length.
number of bytes in the list block length.