Cisco Cisco Firepower Management Center 2000 开发者指南
4-103
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the User Criticality data block.
User Attribute Value Data Block 4.7+
The User Attribute Value data block contains a list of IP address ranges that indicate the hosts where the
attribute value has changed, together with the identification number for the user who added the attribute
value, information about the source that supplied the attribute value, and the BLOB data block
containing the attribute value. The User Attribute Value data block has a block type of 82 in the series 1
group of blocks. Changes from the previous User Attribute Value data block include a new source type
field and the use of the Generic list data block instead of the List data block to store IP addresses.
attribute value has changed, together with the identification number for the user who added the attribute
value, information about the source that supplied the attribute value, and the BLOB data block
containing the attribute value. The User Attribute Value data block has a block type of 82 in the series 1
group of blocks. Changes from the previous User Attribute Value data block include a new source type
field and the use of the Generic list data block instead of the List data block to store IP addresses.
Table 4-60
User Criticality Data Block Fields
Field
Number of
Bytes
Bytes
Description
User Criticality Data
Block Type
Block Type
uint32
Initiates a User Criticality data block. This value is always
81
.
User Criticality
Block Length
Block Length
uint32
Total number of bytes in the User Criticality data block, including
eight bytes for the user criticality block type and length fields,
plus the number of bytes of user criticality data that follows.
eight bytes for the user criticality block type and length fields,
plus the number of bytes of user criticality data that follows.
Generic List Block
Type
Type
uint32
Initiates a Generic List data block. This value is always
31
.
Generic List Block
Length
Length
uint32
Number of bytes in the Generic List block and encapsulated data
blocks. This number includes the eight bytes of the generic list
block header fields, plus the number of bytes in all of the
encapsulated data blocks.
blocks. This number includes the eight bytes of the generic list
block header fields, plus the number of bytes in all of the
encapsulated data blocks.
IP Address Range
Specification Data
Blocks
Specification Data
Blocks
variable
Encapsulated IP Address Range Specification data blocks up to
the maximum number of bytes in the list block length.
the maximum number of bytes in the list block length.
Source ID
uint32
Identification number that maps to the source that updated or
added the user criticality value. Depending on the source type, this
may map to RNA, a user, a scanner, or a third-party application.
added the user criticality value. Depending on the source type, this
may map to RNA, a user, a scanner, or a third-party application.
Source Type
uint32
Number that maps to the type of data source:
•
0
if the user criticality value was provided by RNA
•
1
if the user criticality value was provided by a user
•
2
if the user criticality value was provided by a third-party
scanner
•
3
if the user criticality value was provided by a command line
tool such as
nmimport.pl
or the Host Input API client
Criticality Value
uint32
User criticality value.