Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Discovery and Connection Event Data Messages
Chapter 4
Discovery and Connection Event Record Types
The table below lists the event
record types for host discovery and connection events, and provides links to the
event message structure for each record type. The list includes metadata record
types as well. Some records contain a single data block which stores a specific
piece of data. These data blocks are broken up into series 1 blocks that contain
most types of data, and series 2 blocks that specifically contain discovery data.
The table also indicates the status of each version (current or legacy). A current
record is the latest version. A legacy record has been superseded by a later
version but can still be requested from eStreamer.
Discovery and Connection Event Record Types
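| Record Type | Contains Block Type | Series | Description                   | Record Status | Data Format Described In... |
|-------------|---------------------|--------|-------------------------------|---------------|-----------------------------|
| 10          | 139                 | 1      | New Host Detected             | Current       |                             |
| 11          | 103                 | 1      | New TCP Server                | Current       |                             |
| 12          | 103                 | 1      | New UDP Server                | Current       |                             |
| 13          | 4                   | 1      | New Network Protocol          | Current       |                             |
| 14          | 4                   | 1      | New Transport Protocol        | Current       |                             |
| 15          | 122                 | 1      | New Client Application        | Current       |                             |
| 16          | 103                 | 1      | TCP Server Information Update | Current       |                             |
| 17          | 103                 | 1      | UDP Server Information Update | Current       |                             |
| 18          | 53                  | 1      | OS Information Update         | Current       |                             |
| 19          | N/A                 | N/A    | Host Timeout                  | Current       |                             |
| 20          | N/A                 | N/A    | Host IP Address Reused        | Current       |                             |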