Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Full Host Client Application data block.
Host Client Application Data Block for 5.0+
The Host Client Application data block for 5.0+ describes a client application and is used within New
Client Application events (event type 1000, subtype 7), Client Application Timeout events (event type
1001, subtype 20), and Client Application Update events (event type 1001, subtype 32). The Host Client
Application data block for 4.10.2+ has a block type of 122 in the series 1 group of blocks.
Table 4-76 Full Host Client Application Data Block 5.0+ Fields

| Field | Data Type | Description |
|---|---|---|
| Full Host Client Application Block Type | uint32 | Initiates a Full Host Client Application data block. This value is always 112. |
| Full Host Client Application Block Length | uint32 | Number of bytes in the Full Host Client Application data block, including eight bytes for the client application block type and length, plus the number of bytes in the client application data that follows. |
| Hits | uint32 | Number of times the system has detected the client application in use. |
| Last Used | uint32 | UNIX timestamp that represents the last time the system detected the client in use. |
| Application ID | uint32 | Application ID of the detected client application, if applicable. |
| String Block Type | uint32 | Initiates a String data block for the client application version. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the String data block for the client application name, including eight bytes for the string block type and length, plus the number of bytes in the client application version. |
| Version | string | Client application version. |
| Generic List Block Type | uint32 | Initiates a Generic List data block. This value is always 31. |
| Generic List Block Length | uint32 | Number of bytes in the Generic List block and the encapsulated Web Application data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated data blocks. |
| Web Application Data Blocks | variable | Encapsulated Web Application data blocks up to the maximum number of bytes in the generic list block length. |
| Generic List Block Type | uint32 | Initiates a Generic List data block. This value is always 31. |
| Generic List Block Length | uint32 | Number of bytes in the Generic List block and encapsulated Vulnerability data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated Vulnerability data blocks. |
| Vulnerability Data Blocks | variable | Encapsulated Vulnerability data blocks up to the maximum number of bytes in the generic list block length. |
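An added example, not code from the Cisco guide: a Python parser for the Table 4-76 layout that checks every declared block length against its enclosing block before reading, so a malformed record cannot cause an over-read. The function names, big-endian byte order, UTF-8 decoding of the version string, and the sample field values are assumptions.

```python
import struct

# Block type values from Table 4-76.
FULL_HOST_CLIENT_APP, STRING_BLOCK, GENERIC_LIST = 112, 0, 31
HDR = struct.Struct(">II")  # block type, block length; big-endian is assumed


class BlockError(ValueError):
    """Raised when a declared type or length does not fit the enclosing data."""


def read_header(buf, off, end, expected_type):
    """Validate one block header; return (body_start, block_end)."""
    if off + HDR.size > end:
        raise BlockError(f"truncated header at offset {off}")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != expected_type:
        raise BlockError(f"type {btype} at offset {off}, expected {expected_type}")
    # The length counts its own 8 header bytes and must stay inside the parent.
    if blen < HDR.size or off + blen > end:
        raise BlockError(f"length {blen} at offset {off} is out of bounds")
    return off + HDR.size, off + blen


def parse_full_host_client_app(buf):
    body, end = read_header(buf, 0, len(buf), FULL_HOST_CLIENT_APP)
    if body + 12 > end:
        raise BlockError("block too short for Hits, Last Used, Application ID")
    hits, last_used, app_id = struct.unpack_from(">III", buf, body)
    s_body, off = read_header(buf, body + 12, end, STRING_BLOCK)
    version = buf[s_body:off].decode("utf-8", errors="replace")
    lists = []
    for _ in range(2):  # Web Application list, then Vulnerability list
        l_body, off = read_header(buf, off, end, GENERIC_LIST)
        lists.append(bytes(buf[l_body:off]))  # encapsulated blocks kept opaque
    return {"hits": hits, "last_used": last_used, "app_id": app_id,
            "version": version, "web_apps": lists[0], "vulns": lists[1]}


def build_sample(version=b"24.0", declared_len=None):
    """Constructed sample block (not captured traffic) with two empty lists."""
    inner = struct.pack(">III", 3, 1700000000, 638)  # made-up field values
    inner += HDR.pack(STRING_BLOCK, 8 + len(version)) + version
    inner += HDR.pack(GENERIC_LIST, 8) * 2
    total = 8 + len(inner) if declared_len is None else declared_len
    return HDR.pack(FULL_HOST_CLIENT_APP, total) + inner
```

The encapsulated Web Application and Vulnerability blocks are returned as raw bytes because their layouts are not given in this table.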