Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Web Application data block.
Connection Statistics Data Block 5.3.1+
The connection statistics data block is used in connection data messages. The only change to the
connection data block between versions 5.3 and 5.3.1 is the addition of a security context field. The
connection statistics data block for version 5.3.1+ has a block type of 154 in the series 1 group of blocks.
It deprecates block type 152,
You request connection event records by setting the extended event flag—bit 30 in the Request Flags
field—in the request message with an event version of 11 and an event code of 71. See
. If you enable bit 23, an extended event header is included in the record. For more information
on the Connection Statistics Data message, see
The following diagram shows the format of a Connection Statistics data block for 5.3.1+:
Table 4-67  Web Application Data Block Fields

Field                              Data Type  Description
---------------------------------  ---------  -----------
Web Application Data Block Type    uint32     Initiates the Web Application data block. This value is always 123.
Web Application Data Block Length  uint32     Number of bytes in the Web Application data block, including eight bytes for the Web Application data block type and length, plus the number of bytes in the application ID field that follows.
Application ID                     uint32     Application ID of the web application.
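
An added example, not code from the Cisco guide: a strict Python parser for the Web Application data block laid out in Table 4-67, which rejects any block whose type or declared length disagrees with the table before reading the application ID. Network byte order, the function names and the error class are assumptions, and the sample bytes are constructed for the example.

```python
import struct

WEB_APP_BLOCK_TYPE = 123             # block type value from Table 4-67
HEADER_LEN = 8                       # block type (uint32) + block length (uint32)
WEB_APP_BLOCK_LEN = HEADER_LEN + 4   # header plus the uint32 application ID


class BlockError(ValueError):
    """Raised when a buffer does not hold a well-formed Web Application block."""


def parse_web_app_block(buf, offset=0):
    """Parse one Web Application data block starting at offset.

    Returns (application_id, next_offset). Assumes network byte order
    (big-endian), which Table 4-67 itself does not state.
    """
    if offset < 0 or len(buf) - offset < HEADER_LEN:
        raise BlockError("truncated block header")
    block_type, block_len = struct.unpack_from("!II", buf, offset)
    if block_type != WEB_APP_BLOCK_TYPE:
        raise BlockError(f"unexpected block type {block_type}")
    # The declared length counts the 8 header bytes plus the application ID,
    # so any value other than 12 is malformed for this block.
    if block_len != WEB_APP_BLOCK_LEN:
        raise BlockError(f"declared length {block_len}, expected {WEB_APP_BLOCK_LEN}")
    if len(buf) - offset < block_len:
        raise BlockError("declared length exceeds available bytes")
    (app_id,) = struct.unpack_from("!I", buf, offset + HEADER_LEN)
    return app_id, offset + block_len


def parse_web_app_blocks(buf):
    """Parse back-to-back Web Application blocks until the buffer is consumed."""
    ids, offset = [], 0
    while offset < len(buf):
        app_id, offset = parse_web_app_block(buf, offset)
        ids.append(app_id)
    return ids


def build_web_app_block(app_id):
    """Helper used only to construct sample input for this example."""
    return struct.pack("!III", WEB_APP_BLOCK_TYPE, WEB_APP_BLOCK_LEN, app_id)


# Constructed sample: two consecutive blocks with made-up application IDs.
SAMPLE = build_web_app_block(676) + build_web_app_block(1234)
```
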
Byte:  0                | 1                     | 2                       | 3
Bit:   0 1 2 3 4 5 6 7  | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31
--------------------------------------------------------------------------------------------------
Connection Data Block Type (154)
Connection Data Block Length
Device ID
Ingress Zone
Ingress Zone, continued
Ingress Zone, continued
Ingress Zone, continued
Egress Zone
Egress Zone, continued
Egress Zone, continued
Egress Zone, continued