Руководство Разработчика для Cisco Cisco Firepower Management Center 4000
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
216
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Connection Chunk Message
The Connection Chunk event has a standard discovery event header (as
on page 198) followed by a
Connection Chunk data block. The format differs depending on the system
version. For information on connection chunk data block format for the current
version, see
User Set Vulnerabilities Messages for Version 4.6.1+
User Set Valid Vulnerabilities, User Set Invalid Vulnerabilities, and User
Vulnerability Qualification messages use the same data format: the standard
on page 198) followed
by a User Vulnerability change data block (see
on page 285). They are differentiated by record type, event type, and
event subtype.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
Connection Chunk Data Block
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
User Vulnerability Change Data Block