Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
Byte: 0 | 1 | 2 | 3
Bit: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Header Version (1) | Message Type (4)
Message Length
Record Type (281)
Record Length
Security Intelligence Source/Destination ID
Security Intelligence Source/Destination Length
Security Intelligence Source/Destination...

The table describes the fields in the Security Intelligence Source/Destination record.

Security Intelligence Source/Destination Record Fields

| Field | Data Type | Description |
|---|---|---|
| Security Intelligence Source/Destination ID | uint32 | The Security Intelligence source/destination ID number. |
| Security Intelligence Source/Destination Length | uint32 | The number of bytes included in the Security Intelligence source/destination. |
| Security Intelligence Source/Destination | string | Whether the detected IP address is a source or destination IP address. |

Discovery Event Header 5.2+

Discovery and connection event messages contain a discovery event header. It conveys the type and subtype of the event, the time the event occurred, the device on which the event occurred, and the structure of the event data in the message. This header is followed by the actual host discovery, user, or connection event data. The structures associated with the different event type/subtype values are described in page 205. This header has IPv6 support, and deprecates
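An added example, not taken from the Sourcefire guide: a Python parser for the Security Intelligence Source/Destination record (record type 281) laid out above, which checks the fixed header values and bounds the string length field against the bytes actually received. It assumes network byte order and a 16-bit/16-bit split of Header Version and Message Type; the function names, the sample bytes and the length values written by `build_sample` are constructed for illustration.

```python
import struct

# Fixed part of the record, per the layout on this page. Assumptions (not stated
# on the page): network byte order, and a 16/16-bit split of the first word.
FIXED = struct.Struct(">HHIIIII")
HEADER_VERSION, MESSAGE_TYPE, RECORD_TYPE = 1, 4, 281


class RecordError(ValueError):
    """Raised when the buffer is not a well-formed record type 281."""


def parse_si_source_dest(buf: bytes) -> dict:
    """Parse one Security Intelligence Source/Destination metadata record."""
    if len(buf) < FIXED.size:
        raise RecordError(f"short buffer: {len(buf)} < {FIXED.size} bytes")
    fields = FIXED.unpack_from(buf)
    version, msg_type, msg_len, rec_type, rec_len, si_id, str_len = fields
    if (version, msg_type) != (HEADER_VERSION, MESSAGE_TYPE):
        raise RecordError(f"unexpected header version/message type {version}/{msg_type}")
    if rec_type != RECORD_TYPE:
        raise RecordError(f"unexpected record type {rec_type}")
    # The length field comes off the wire: bound it by the bytes actually
    # received before slicing, so a bad length cannot cause a silent short read.
    end = FIXED.size + str_len
    if end > len(buf):
        raise RecordError(f"declared string length {str_len} overruns buffer")
    name = buf[FIXED.size:end].rstrip(b"\x00").decode("utf-8", errors="replace")
    return {"message_length": msg_len, "record_length": rec_len, "id": si_id, "name": name}


def build_sample(si_id: int, text: bytes) -> bytes:
    """Constructed sample bytes for the demo; the length values written here
    are an assumption (bytes following each length field's own header)."""
    body = struct.pack(">II", si_id, len(text)) + text
    record = struct.pack(">II", RECORD_TYPE, len(body)) + body
    return struct.pack(">HHI", HEADER_VERSION, MESSAGE_TYPE, len(record)) + record


if __name__ == "__main__":
    sample = build_sample(1, b"Source")
    print(parse_si_source_dest(sample))
    try:
        parse_si_source_dest(sample[:-3])  # truncated in transit
    except RecordError as exc:
        print("rejected:", exc)
```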