DetectionPattern

The DetectionPattern class describes a configuration or signature that can be used by an Intrusion Detection System (IDS) / Intrusion Prevention System (IPS), SIEM, antivirus, endpoint protection, network analysis, malware analysis, or host forensics tool to identify a particular phenomenon. This class requires the identification of the target application and allows the configuration to be described in either free form or machine-readable form. 

digraph DetectionPattern {
	graph [bb="0,0,254,155",
		rankdir=LR
	];
	node [label="\N"];
	DetectionPattern	 [height=2.1528,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="The DetectionPattern class describes a configuration or signature that can be used by an Intrusion Detection System (IDS) / Intrusion Prevention System (IPS), SIEM, antivirus, endpoint protection, network analysis, malware analysis, or host forensics tool to identify a particular phenomenon. This class requires the identification of the target application and allows the configuration to be described in either free form or machine-readable form. "><FONT FACE="Nimbus Sans L">DetectionPattern</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="The application for which the DetectionConfiguration or Description is being provided."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (1..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="A free-form text description of how to use the information provided in the Application or DetectionConfiguration classes."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="A machine-consumable configuration to find a pattern of activity."><FONT FACE="Nimbus Sans L">[STRING] DetectionConfiguration (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="See Section 3.3.1."><FONT FACE="Nimbus Sans L">[ENUM] restriction (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="A means by which to extend the restriction attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-restriction (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DetectionPattern.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="127,77.5",
		shape=plaintext,
		width=3.5278];
}

Aggregates

Application (1..1)

The application for which the DetectionConfiguration or Description is being provided.

Description (0..*)

A free-form text description of how to use the information provided in the Application or DetectionConfiguration classes.

DetectionConfiguration (0..*)

A machine-consumable configuration to find a pattern of activity.

restriction (0..1)

See Section 3.3.1.

ext-restriction (0..1)

A means by which to extend the restriction attribute. See Section 5.1.1.

observable-id (0..1)

See Section 3.3.2.

IDMEFv1

IDMEFv2

IODEFv1

IODEFv2