Cisco Cisco Firepower Management Center 4000 开发者指南
2-28
FireSIGHT eStreamer Integration Guide
Chapter 2 Understanding the eStreamer Application Protocol
Host Data and Multiple Host Data Message Format
Host data messages do not have a record type field. The structure of the message is communicated by
the message type and the data block type of the full host profile included in the message. Full host profile
data blocks are in the series a group of blocks.
the message type and the data block type of the full host profile included in the message. Full host profile
data blocks are in the series a group of blocks.
The graphic below shows the format of the host data message and the table that follows defines the
shaded fields:
shaded fields:
The fields specific to the Host Request message are:
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Header Version (1)
Message Type (6 | 7)
Message Length
Full Host Profile Data Block Type
Length
Full Host Profile Data Block
Table 2-15
Field
Data Type
Description
Full Host Profile
Data Block Type
Data Block Type
uint32
Specifies the block type for the full host profile data included in
the message. See
the message. See
Length
uint32
Length of the full host profile data in the message.
Full Host Profile
Data Block
Data Block
variable
The host data. For links to the definitions of current full host
profile data blocks, see
profile data blocks, see