Impact

The Impact class allows for categorizing and describing the technical impact of the incident on the network of an organization.


Attributes

lang (Required)

A valid language code per RFC 4646 [7] constrained by the definition of "xs:language". The interpretation of this code is described in Section 6.

severity (Optional)

An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.

| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | low | Low severity |
| 2 | medium | Medium severity |
| 3 | high | High severity |

completion (Optional)

An indication whether the described activity was successful. The permitted values are shown below. There is no default value.

| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | failed | The attempted activity was not successful. |
| 2 | succeeded | The attempted activity succeeded. |

type (Required)

Classifies the malicious activity into incident categories. The permitted values are shown below. The default value is "other".

| Rank | Keyword | Description |
|------|---------|-------------|
| 1 | admin | Administrative privileges were attempted. |
| 2 | dos | A denial of service was attempted. |
| 3 | file | An action that impacts the integrity of a file or database was attempted. |
| 4 | info-leak | An attempt was made to exfiltrate information. |
| 5 | misconfiguration | An attempt was made to exploit a misconfiguration in a system. |
| 6 | policy | Activity violating site's policy was attempted. |
| 7 | recon | Reconnaissance activity was attempted. |
| 8 | social-engineering | A social engineering attack was attempted. |
| 9 | user | User privileges were attempted. |
| 10 | unknown | The classification of this activity is unknown. |
| 11 | ext-value | An escape value used to extend this attribute. See Section 5.1. |

ext-type (Optional)

A means by which to extend the type attribute. See Section 5.1.
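
As an added example (not part of the IODEF specification or of this site's parser code), the following Python function checks a single Impact element against the attribute rules listed above. The rule that ext-type must accompany type="ext-value" is an assumption based on the Section 5.1 extension mechanism, and the sample elements are constructed.

```python
import xml.etree.ElementTree as ET

# Permitted values copied from the attribute tables on this page.
SEVERITY = {"low", "medium", "high"}
COMPLETION = {"failed", "succeeded"}
TYPE = {"admin", "dos", "file", "info-leak", "misconfiguration", "policy",
        "recon", "social-engineering", "user", "unknown", "ext-value"}
ENUMS = (("severity", SEVERITY), ("completion", COMPLETION), ("type", TYPE))
IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"  # IODEF v1 XML namespace


def validate_impact(xml_text):
    """Return a list of problems found in one Impact element (empty = valid)."""
    # Incident reports come from other organizations: refuse DTDs up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are not accepted"]
    try:
        elem = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if elem.tag not in ("Impact", f"{{{IODEF_NS}}}Impact"):
        return [f"unexpected element {elem.tag!r}"]

    problems = []
    attrs = elem.attrib
    # Attributes this page marks as Required.
    for name in ("lang", "type"):
        if not attrs.get(name):
            problems.append(f"missing required attribute {name!r}")
    # Enumerated attributes: check the value only when one is present.
    for name, allowed in ENUMS:
        value = attrs.get(name)
        if value and value not in allowed:
            problems.append(f"{name}={value!r} is not a permitted value")
    # Assumption (Section 5.1 extension rule): ext-type carries the value
    # when type is "ext-value" and has no meaning otherwise.
    if attrs.get("type") == "ext-value" and not attrs.get("ext-type"):
        problems.append("type='ext-value' requires ext-type")
    if "ext-type" in attrs and attrs.get("type") != "ext-value":
        problems.append("ext-type present but type is not 'ext-value'")
    return problems


# Constructed sample elements (not taken from a real incident report).
GOOD = ('<Impact lang="en" severity="high" completion="succeeded" '
        'type="admin">Administrative account compromised</Impact>')
BAD = '<Impact severity="critical" type="ext-value"/>'

if __name__ == "__main__":
    print(validate_impact(GOOD))
    print(validate_impact(BAD))
```

Running the validator before a report is stored or forwarded keeps out-of-vocabulary severity and type values from silently skewing triage queries that filter on these attributes.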

