Руководство Разработчика для Cisco Cisco Firepower Management Center 2000
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
293
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Host Vulnerability Data Block 4.9.0+
The Host Vulnerability data block conveys vulnerabilities that apply to a host. Each
Host Vulnerability data block describes one vulnerability for a host in an event.
Host Vulnerability data blocks appear in the Full Host Profile, Full Host Server, and
Full Sub-Server data blocks. The Host Vulnerability data block has a block type of
85 in the series 1 group of blocks.
The following diagram shows the format of the Host Vulnerability data block:
The following diagram shows the format of the Host Vulnerability data block:
Source ID
uint32
Identification number that maps to the source of
the affected protocols. Depending on the source
type, this may map to RNA, a user, a scanner, or
a third-party application.
Generic List
Block Type
uint32
Initiates a Generic List data block. This value is
always 31.
Generic List
Block Length
uint32
Number of bytes in the Generic List block and
encapsulated data blocks. This number includes
the eight bytes of the generic list block header
fields, plus the number of bytes in all of the
encapsulated data blocks.
User Protocol
Data Blocks
variable
Encapsulated User Protocol data blocks up to the
maximum number of bytes in the list block
length.
User Protocol List Data Block Fields (Continued)
F
IELD
N
UMBER
OF
B
YTES
D
ESCRIPTION
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Host Vulnerability Block Type (85)
Host Vulnerability Block Length
Host Vulnerability ID
Invalid Flags
Type
Type (cont.)