Cisco Cisco Firepower Management Center 2000 开发者指南
4-42
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
IP Address Reused and Host Timeout/Deleted Messages
The following host event messages have a standard discovery event header (as documented in
) with no other data:
•
Host IP Address Reused
•
Host Timeout
•
Host Deleted: Host Limit Reached
•
Host Dropped: Host Limit Reached
Vulnerability Change Message
A Vulnerability Change event message has a standard discovery event header (as documented in
) followed by a Vulnerability Reference data block (as
documented in
, block type 8 in series 1).
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
Vulnerability Reference Data Block