Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Table 4-80 describes the fields of the Mobile Device Information data block returned by 5.1+.
Host Profile Data Block for 5.2+
The following diagram shows the format of a Host Profile data block. The data block also does not
include a host criticality value, but does include a VLAN presence indicator. In addition, a data block
can convey a NetBIOS name for the host. The Host Profile data block has a block type of 139 in the
series 1 group of blocks. The data block now supports IPv6 addresses, and client application data blocks
have been added.
Note
An asterisk (*) next to a block type field in the following diagram indicates the message may contain zero
or more instances of the series 1 data block.
Table 4-80 Mobile Device Information Data Block 5.1+ Fields

| Field | Data Type | Description |
|---|---|---|
| Mobile Device Information Block Type (131) | uint32 | Initiates the operating system data block. This value is always 131. |
| Mobile Device Information Block Length | uint32 | Number of bytes in the Mobile Device Information data block, including eight bytes for the Mobile Device Information Data Block block type and length, plus the number of bytes in the Mobile Device Information data that follows. |
| String Block Type | uint32 | Initiates a string data block for the mobile device string. This value is set to 0 to indicate string data. |
| String Block Length | uint32 | Indicates the number of bytes in the mobile device string data block, including eight bytes for the string block type and length fields, plus the number of bytes in the mobile device string data that follows. |
| Mobile Device String Data | Variable | Contains the mobile device hardware information of the host detected. |
| Mobile Device Last Seen | uint32 | Contains the time stamp the mobile device was last seen. |
| Mobile | uint32 | True-false flag indicating whether the host is a mobile device. |
| Jailbroken | uint32 | True-false flag indicating whether the host is a mobile device that is jailbroken. |
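A defensive parser for the Mobile Device Information data block laid out in Table 4-80, as an added example (not code from the Cisco guide). It assumes big-endian (network byte order) fields and UTF-8 string data; the function names and sample values are constructed for illustration.

```python
import struct

MOBILE_DEVICE_INFO = 131  # block type, per Table 4-80
STRING_BLOCK = 0          # string block type, per Table 4-80
TRAILER = 12              # Last Seen + Mobile + Jailbroken, three uint32 fields

def parse_mobile_device_info(buf: bytes) -> dict:
    """Parse one Mobile Device Information block; raise ValueError if malformed."""
    if len(buf) < 8:
        raise ValueError("truncated block header")
    # Assumption: fields are big-endian (network byte order).
    btype, blen = struct.unpack_from(">II", buf, 0)
    if btype != MOBILE_DEVICE_INFO:
        raise ValueError(f"unexpected block type {btype}")
    # Block length counts its own 8-byte header, so the smallest valid block
    # is header (8) + empty string block (8) + trailer (12).
    if blen < 8 + 8 + TRAILER or blen > len(buf):
        raise ValueError("block length out of range for buffer")
    stype, slen = struct.unpack_from(">II", buf, 8)
    if stype != STRING_BLOCK:
        raise ValueError(f"unexpected string block type {stype}")
    # String block length also counts its 8-byte header; together with the
    # outer header and trailer it must account for the block exactly.
    if slen < 8 or 8 + slen + TRAILER != blen:
        raise ValueError("string length inconsistent with block length")
    text = buf[16:8 + slen]
    last_seen, mobile, jailbroken = struct.unpack_from(">III", buf, 8 + slen)
    return {
        # Assumption: the string is UTF-8 text; undecodable bytes are replaced.
        "device": text.decode("utf-8", errors="replace"),
        "last_seen": last_seen,
        "mobile": bool(mobile),
        "jailbroken": bool(jailbroken),
        "consumed": blen,  # bytes used, so a caller can advance to the next block
    }

def build_sample(text: bytes, last_seen: int, mobile: int, jailbroken: int) -> bytes:
    """Construct a test block with the Table 4-80 layout (not captured data)."""
    string_block = struct.pack(">II", STRING_BLOCK, 8 + len(text)) + text
    body = string_block + struct.pack(">III", last_seen, mobile, jailbroken)
    return struct.pack(">II", MOBILE_DEVICE_INFO, 8 + len(body)) + body

if __name__ == "__main__":
    sample = build_sample(b"Apple iPhone", 1400000000, 1, 0)  # constructed values
    print(parse_mobile_device_info(sample))
```

Both length fields include their own eight-byte header, so the parser cross-checks them against each other and against the buffer before slicing anything.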
Byte | 0 | 1 | 2 | 3
Bit | 0-7 | 8-15 | 16-23 | 24-31
Host Profile Block Type (139)
Host Profile Block Length