Method

The Method class describes the methodology used by the intruder to perpetrate the events of the incident. This class consists of a list of references describing the attack method and a free-form description of the technique.

[Class diagram: Method ([ML_STRING] Description (0..*), [ENUM] restriction (Optional)) aggregates Reference (0..*) and AdditionalData (0..*). Reference: [ML_STRING] ReferenceName (1..1), [URL] URL (0..*), [ML_STRING] Description (0..*). AdditionalData: [ENUM] dtype (Required), [STRING] ext-dtype (Optional), [STRING] meaning (Optional), [STRING] formatid (Optional), [ENUM] restriction (Optional).]


Aggregates

Reference (0..*)

A reference to a vulnerability, malware sample, advisory, or analysis of an attack technique.

Description (0..*)

A free-form text description of the methodology used by the intruder.

AdditionalData (0..*)

A mechanism by which to extend the data model.

Attributes

restriction (Optional)

This attribute is defined in Section 3.2.
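The following added example (not part of the original page or of any IODEF library) parses one Method element and checks it against the cardinalities listed above. The namespace URI and the restriction values are taken from RFC 5070 rather than from this page; the sample document, reference name and URL are constructed placeholders, and `parse_method` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"iodef": "urn:ietf:params:xml:ns:iodef-1.0"}  # IODEF v1 namespace (RFC 5070)
RESTRICTION = {"public", "need-to-know", "private", "default"}  # RFC 5070, Section 3.2

# Constructed sample; the reference name and URL are placeholders.
SAMPLE = """<Method xmlns="urn:ietf:params:xml:ns:iodef-1.0" restriction="need-to-know">
  <Reference>
    <ReferenceName>EXAMPLE-ADVISORY-0001</ReferenceName>
    <URL>https://advisories.example.org/0001</URL>
    <Description>Constructed advisory entry</Description>
  </Reference>
  <Description>Credential stuffing against the webmail portal</Description>
  <AdditionalData dtype="string" meaning="analyst note">seen twice</AdditionalData>
</Method>"""


def parse_method(xml_text):
    """Return (method_dict, errors) for one Method element."""
    root = ET.fromstring(xml_text)
    errors = []
    if root.tag != "{%s}Method" % NS["iodef"]:
        errors.append("root element is not iodef:Method")
    restriction = root.get("restriction")
    if restriction is not None and restriction not in RESTRICTION:
        errors.append("invalid restriction %r" % restriction)
    refs = []
    for i, ref in enumerate(root.findall("iodef:Reference", NS)):
        names = ref.findall("iodef:ReferenceName", NS)
        if len(names) != 1:  # ReferenceName (1..1)
            errors.append("Reference[%d]: ReferenceName must occur exactly once" % i)
        refs.append({
            "name": names[0].text if names else None,
            "urls": [u.text for u in ref.findall("iodef:URL", NS)],
            "descriptions": [d.text for d in ref.findall("iodef:Description", NS)],
        })
    extra = []
    for i, ad in enumerate(root.findall("iodef:AdditionalData", NS)):
        if ad.get("dtype") is None:  # dtype (Required)
            errors.append("AdditionalData[%d]: dtype is required" % i)
        extra.append({"dtype": ad.get("dtype"), "meaning": ad.get("meaning"), "value": ad.text})
    method = {
        "restriction": restriction,
        "references": refs,
        # Direct children only, so a Reference's own Description is not counted here.
        "descriptions": [d.text for d in root.findall("iodef:Description", NS)],
        "additional_data": extra,
    }
    return method, errors
```

When the document comes from an untrusted peer, reject DOCTYPE declarations or use a hardened XML parser before calling a routine like this.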

