Flow

The Flow class describes the systems and networks involved in the incident and the relationships between them.

Flow Flow Flow System System [SOFTWARE] OperatingSystem (0..*) [STRING] AssetID (0..*) [ML_STRING] Description (0..*) [EXTENSION] AdditionalData (0..*) [ENUM] category (0..1) [STRING] ext-category (0..1) [STRING] interface (0..1) [ENUM] spoofed (0..1) [ENUM] virtual (0..1) [ENUM] ownership (0..1) [STRING] ext-ownership (0..1) [ENUM] restriction (0..1) [STRING] ext-restriction (0..1) [ID] observable-id (0..1) Flow->System 1..* Node Node [ML_STRING] Location (0..*) System->Node 1..1 Counter Counter System->Counter 0..* NodeRole NodeRole [ML_STRING] Description (0..*) [STRING] category (0..1) System->NodeRole 0..* Service Service [INTEGER] Port (0..1) [PORTLIST] Portlist (0..1) [INTEGER] ProtoCode (0..1) [INTEGER] ProtoType (0..1) [INTEGER] ProtoField (0..1) [SOFTWARE] Application (0..1) [INTEGER] ip-protocol (0..1) [ID] observable-id (0..1) System->Service 0..* DomainData DomainData [STRING] Name (1..1) [DATETIME] DateDomainWasChecked (0..1) [DATETIME] RegistrationDate (0..1) [DATETIME] ExpirationDate (0..1) [EXTENSION] RelatedDNS (0..*) [STRING] system-status (0..1) [STRING] domain-status (0..1) [ID] observable-id (0..1) Node->DomainData 0..* Address Address Node->Address 0..* PostalAddress PostalAddress [POSTAL] PAddress (1..1) [ML_STRING] Description (0..*) [ENUM] type (0..1) [STRING] ext-type (0..1) Node->PostalAddress 0..1 Node->Counter 0..* Nameservers Nameservers [STRING] Server (1..1) DomainData->Nameservers 0..* DomainContacts DomainContacts [STRING] SameDomainContact (0..1) DomainData->DomainContacts 0..1 Nameservers->Address 1..* Contact Contact [ML_STRING] ContactName (0..*) [ML_STRING] ContactTitle (0..*) [ML_STRING] Description (0..*) [TIMEZONE] Timezone (0..1) [EXTENSION] AdditionalData (0..*) [STRING] role (0..1) [STRING] type (0..1) [ENUM] restriction (0..1) [STRING] ext-restriction (0..1) DomainContacts->Contact 1..* Contact->Contact 0..* RegistryHandle RegistryHandle Contact->RegistryHandle 0..* Contact->PostalAddress 0..* Email Email [EMAIL] EmailTo (1..1) [ML_STRING] Description (0..*) [ENUM] type (0..1) [STRING] ext-type (0..1) Contact->Email 0..* Telephone Telephone [PHONE] TelephoneNumber (1..1) [ML_STRING] Description (0..*) [ENUM] type (0..1) [STRING] ext-type (0..1) Contact->Telephone 0..* ServiceName ServiceName [STRING] IANAService (0..1) [URL] URL (0..*) [ML_STRING] Description (0..*) Service->ServiceName 0..1 ApplicationHeader ApplicationHeader [EXTENSION] ApplicationHeaderField (1..*) Service->ApplicationHeader 0..1 EmailData EmailData [EMAIL] EmailTo (0..*) [EMAIL] EmailFrom (0..1) [STRING] EmailSubject (0..1) [STRING] EmailX-Mailer (0..1) [EXTENSION] EmailHeaderField (0..*) [STRING] EmailHeaders (0..1) [STRING] EmailBody (0..1) [STRING] EmailMessage (0..1) [ID] observable-id (0..1) Service->EmailData 0..1 HashData HashData [STRING] HashTargetID (0..1) [STRING] scope (0..1) EmailData->HashData 0..* SignatureData SignatureData [] Signature (1..*) EmailData->SignatureData 0..* Hash Hash []  (0..1) [SOFTWARE] Application (0..1) HashData->Hash 0..* FuzzyHash FuzzyHash [EXTENSION] FuzzyHashValue (1..*) [SOFTWARE] Application (0..1) [EXTENSION] AdditionalData (0..*) HashData->FuzzyHash 0..* 
digraph Flow {
	graph [bb="0,0,1884,879.5",
		rankdir=LR
	];
	node [label="\N"];
	Flow	 [height=0.5,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#65779e" HREF="/idmef_parser/IODEFv2/Flow.html" TITLE="The Flow class describes the systems and networks involved in the incident and the relationships between them. "><FONT FACE="Nimbus Sans L">Flow</FONT></td> </tr>" %</table>>,
		pos="27,407",
		shape=plaintext,
		width=0.75];
	System	 [height=4.4861,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#65779e" HREF="/idmef_parser/IODEFv2/System.html" TITLE="The System class describes a system or network involved in an event. "><FONT FACE="Nimbus Sans L">System</FONT></td> </tr>" %<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="The operating system running on the system."><FONT FACE="Nimbus Sans L">[SOFTWARE] OperatingSystem (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="An asset identifier for the System."><FONT FACE="Nimbus Sans L">[STRING] AssetID (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="A free-form text description of the System."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="A mechanism by which to extend the data model."><FONT FACE="Nimbus Sans L">[EXTENSION] AdditionalData (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="Classifies the role the host or network played in the incident.  These values are maintained in the &quot;System- category&quot; IANA registry per Section 10.2."><FONT FACE="Nimbus Sans L">[ENUM] category (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="A means by which to extend the category attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-category (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="Specifies the interface on which the event(s) on this System originated.  If the Node class specifies a network rather than a host, this attribute has no meaning."><FONT FACE="Nimbus Sans L">[STRING] interface (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="An indication of confidence in whether this System was the true target or attacking host.  The permitted values for this attribute are shown below.  The default value is &quot;unknown&quot;."><FONT FACE="Nimbus Sans L">[ENUM] spoofed (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="Indicates whether this System is a virtual or physical device.  The default value is &quot;unknown&quot;."><FONT FACE="Nimbus Sans L">[ENUM] virtual (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="Describes the ownership of this System relative to the victim in the incident.  These values are maintained in the &quot;System-ownership&quot; IANA registry per Section 10.2."><FONT FACE="Nimbus Sans L">[ENUM] ownership (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="A means by which to extend the ownership attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-ownership (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="See Section 3.3.1."><FONT FACE="Nimbus Sans L">[ENUM] restriction (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="A means by which to extend the restriction attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-restriction (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#7e95c5"  HREF="/idmef_parser/IODEFv2/System.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="237.5,407",
		shape=plaintext,
		width=3.4583];
	Flow -> System	 [label="1..*",
		lp="83.5,414.5",
		pos="e,112.82,407 54.088,407 67.36,407 84.43,407 102.8,407"];
	"Node"	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#3daf3d" HREF="/idmef_parser/IODEFv2/Node.html" TITLE="The Node class identifies a system, asset, or network and its location. "><FONT FACE="Nimbus Sans L">Node</FONT></td> </tr>" %<tr><td BGCOLOR="#4cdb4c"  HREF="/idmef_parser/IODEFv2/Node.html" TITLE="A free-form text description of the physical location of the node.  This description may provide a more detailed description of where at the address specified by the PostalAddress class this node is found (e.g., room number, rack number, or slot number in a chassis)."><FONT FACE="Nimbus Sans L">[ML_STRING] Location (0..*)</FONT></td></tr>%</table>>,
		pos="527,506",
		shape=plaintext,
		width=2.7083];
	System -> "Node"	 [label="1..1",
		lp="391.5,470.5",
		pos="e,451.01,480.92 362.19,450.88 368.21,452.96 374.17,455.01 380,457 399.89,463.8 421.33,471.02 441.52,477.76"];
	Counter	 [height=0.5,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#cc6a51" HREF="/idmef_parser/IODEFv2/Counter.html" TITLE="The Counter class summarizes multiple occurrences of an event or conveys counts or rates of various features. "><FONT FACE="Nimbus Sans L">Counter</FONT></td> </tr>" %</table>>,
		pos="838,452",
		shape=plaintext,
		width=0.98611];
	System -> Counter	 [label="0..*",
		lp="527,443.5",
		pos="e,802.28,449.32 362.29,416.35 495.99,426.37 701.22,441.75 792.04,448.56"];
	NodeRole	 [height=0.98611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#3daf3d" HREF="/idmef_parser/IODEFv2/NodeRole.html" TITLE="The NodeRole class describes the function performed by or role of a particular system, asset, or network. "><FONT FACE="Nimbus Sans L">NodeRole</FONT></td> </tr>" %<tr><td BGCOLOR="#4cdb4c"  HREF="/idmef_parser/IODEFv2/NodeRole.html" TITLE="A free-form text description of the role of the system."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#4cdb4c"  HREF="/idmef_parser/IODEFv2/NodeRole.html" TITLE="A means by which to extend the category attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] category (0..1)</FONT></td></tr>%</table>>,
		pos="527,371",
		shape=plaintext,
		width=2.9444];
	System -> NodeRole	 [label="0..*",
		lp="391.5,396.5",
		pos="e,420.7,384.22 362.37,391.47 378.32,389.49 394.59,387.47 410.39,385.5"];
	Service	 [height=2.7361,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#cca3a3" HREF="/idmef_parser/IODEFv2/Service.html" TITLE="The Service class describes a network service. The service is described by a protocol, port, protocol header field, and application providing or using the service. "><FONT FACE="Nimbus Sans L">Service</FONT></td> </tr>" %<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A port number."><FONT FACE="Nimbus Sans L">[INTEGER] Port (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A list of port numbers."><FONT FACE="Nimbus Sans L">[PORTLIST] Portlist (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A transport-layer (Layer 4) protocol- specific code field (e.g., ICMP code field)."><FONT FACE="Nimbus Sans L">[INTEGER] ProtoCode (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A transport-layer (Layer 4) protocol- specific type field (e.g., ICMP type field)."><FONT FACE="Nimbus Sans L">[INTEGER] ProtoType (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A transport-layer (Layer 4) protocol- specific flag field (e.g., TCP flag field)."><FONT FACE="Nimbus Sans L">[INTEGER] ProtoField (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="The application acting as either the client or the server for the service."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="The IANA-assigned IP protocol number per [IANA.Protocols].  The attribute MUST be set if a Port, Portlist, ProtoCode, ProtoType, or ProtoField class is present."><FONT FACE="Nimbus Sans L">[INTEGER] ip-protocol (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="527,219",
		shape=plaintext,
		width=2.9444];
	System -> Service	 [label="0..*",
		lp="391.5,320.5",
		pos="e,420.7,288.03 362.37,325.91 378.92,315.16 395.83,304.18 412.2,293.55"];
	DomainData	 [height=2.7361,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="The DomainData class describes a domain name and metadata associated with this domain. "><FONT FACE="Nimbus Sans L">DomainData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="The domain name of a system."><FONT FACE="Nimbus Sans L">[STRING] Name (1..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="A timestamp of when the domain listed in the Name class was resolved."><FONT FACE="Nimbus Sans L">[DATETIME] DateDomainWasChecked (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="A timestamp of when domain listed in the Name class was registered."><FONT FACE="Nimbus Sans L">[DATETIME] RegistrationDate (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="A timestamp of when the domain listed in the Name class is set to expire."><FONT FACE="Nimbus Sans L">[DATETIME] ExpirationDate (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="Additional DNS records associated with this domain."><FONT FACE="Nimbus Sans L">[EXTENSION] RelatedDNS (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="A means by which to extend the system-status attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] system-status (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="A means by which to extend the domain-status attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] domain-status (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/DomainData.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="838,643",
		shape=plaintext,
		width=4.0556];
	"Node" -> DomainData	 [label="0..*",
		lp="662.5,577.5",
		pos="e,691.99,578.68 584.04,531.13 612.05,543.47 647.3,558.99 682.55,574.52"];
	Address	 [height=0.5,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#3daf3d" HREF="/idmef_parser/IODEFv2/Address.html" TITLE="The Address class represents a hardware (Layer 2), network (Layer 3), or application (Layer 7) address. "><FONT FACE="Nimbus Sans L">Address</FONT></td> </tr>" %</table>>,
		pos="1474.5,821",
		shape=plaintext,
		width=1];
	"Node" -> Address	 [label="0..*",
		lp="1013.5,854.5",
		pos="e,1438.1,828.03 535.54,531.25 554.46,582.82 605.24,699.74 692,751 936.14,895.25 1299.8,851.37 1427.9,829.79"];
	PostalAddress	 [height=1.5694,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#52a3cc" HREF="/idmef_parser/IODEFv2/PostalAddress.html" TITLE="The PostalAddress class specifies a postal address and associated annotation. "><FONT FACE="Nimbus Sans L">PostalAddress</FONT></td> </tr>" %<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/PostalAddress.html" TITLE="A postal address."><FONT FACE="Nimbus Sans L">[POSTAL] PAddress (1..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/PostalAddress.html" TITLE="A free-form text description of the address."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/PostalAddress.html" TITLE="Categorizes the type of address described in the PAddress class.  These values are maintained in the &quot;PostalAddress-type&quot; IANA registry per Section 10.2."><FONT FACE="Nimbus Sans L">[ENUM] type (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/PostalAddress.html" TITLE="A means by which to extend the type attribute. See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-type (0..1)</FONT></td></tr>%</table>>,
		pos="1770,506",
		shape=plaintext,
		width=2.9444];
	"Node" -> PostalAddress	 [label="0..1",
		lp="1168,513.5",
		pos="e,1663.7,506 624.7,506 685.97,506 766.59,506 838,506 838,506 838,506 1474.5,506 1533.5,506 1599.2,506 1653.6,506"];
	"Node" -> Counter	 [label="0..*",
		lp="662.5,484.5",
		pos="e,802.34,455.73 624.62,482.24 633.52,480.35 642.41,478.57 651,477 698.85,468.23 754.13,461.22 792.11,456.88"];
	Nameservers	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/Nameservers.html" TITLE="The Nameservers class describes the nameservers associated with a given domain. "><FONT FACE="Nimbus Sans L">Nameservers</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/Nameservers.html" TITLE="The domain name of the nameserver."><FONT FACE="Nimbus Sans L">[STRING] Server (1..1)</FONT></td></tr>%</table>>,
		pos="1168,739",
		shape=plaintext,
		width=2.2361];
	DomainData -> Nameservers	 [label="0..*",
		lp="1013.5,703.5",
		pos="e,1087.1,715.47 984.18,685.53 1015.9,694.76 1048.6,704.27 1077.5,712.67"];
	DomainContacts	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/DomainContacts.html" TITLE="The DomainContacts class describes the contact information for a given domain provided either by the registrar or through a whois query. "><FONT FACE="Nimbus Sans L">DomainContacts</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/DomainContacts.html" TITLE="A domain name already cited in this document or through previous exchange that contains the identical contact information as the domain name in question.  The domain contact information associated with this domain should be used instead of an explicit definition with the Contact class."><FONT FACE="Nimbus Sans L">[STRING] SameDomainContact (0..1)</FONT></td></tr>%</table>>,
		pos="1168,643",
		shape=plaintext,
		width=3.4722];
	DomainData -> DomainContacts	 [label="0..1",
		lp="1013.5,650.5",
		pos="e,1042.8,643 984.18,643 1000.2,643 1016.5,643 1032.4,643"];
	Nameservers -> Address	 [label="1..*",
		lp="1322.5,773.5",
		pos="e,1438.4,820.22 1248.9,738.83 1277.7,742.07 1309.1,749.67 1334,766 1346.4,774.11 1339.9,785.55 1352,794 1374.2,809.46 1403.7,816.27 \
1428.2,819.19"];
	Contact	 [height=3.0278,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#52a3cc" HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="The Contact class describes contact information for organizations and personnel involved in the incident. This class allows for the naming of the involved party, specifying contact information for them, and identifying their role in the incident. "><FONT FACE="Nimbus Sans L">Contact</FONT></td> </tr>" %<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="The name of the contact.  The contact may either be an organization or a person.  The type attribute disambiguates the semantics."><FONT FACE="Nimbus Sans L">[ML_STRING] ContactName (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="The title for the individual named in the ContactName."><FONT FACE="Nimbus Sans L">[ML_STRING] ContactTitle (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="A free-form text description of the contact."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="The timezone in which the contact resides."><FONT FACE="Nimbus Sans L">[TIMEZONE] Timezone (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="A mechanism by which to extend the data model."><FONT FACE="Nimbus Sans L">[EXTENSION] AdditionalData (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="A means by which to extend the role attribute. See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] role (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="A means by which to extend the type attribute. See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] type (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="See Section 3.3.1."><FONT FACE="Nimbus Sans L">[ENUM] restriction (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Contact.html" TITLE="A means by which to extend the restriction attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-restriction (0..1)</FONT></td></tr>%</table>>,
		pos="1474.5,643",
		shape=plaintext,
		width=3.2361];
	DomainContacts -> Contact	 [label="1..*",
		lp="1322.5,650.5",
		pos="e,1357.7,643 1293.1,643 1311,643 1329.5,643 1347.5,643"];
	Contact -> Contact	 [label="0..*",
		lp="1474.5,777.5",
		pos="e,1497.7,752.29 1451.3,752.29 1455.9,763.12 1463.7,770 1474.5,770 1481.9,770 1487.9,766.75 1492.5,761.19"];
	RegistryHandle	 [height=0.5,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#52a3cc" HREF="/idmef_parser/IODEFv2/RegistryHandle.html" TITLE="The RegistryHandle class represents a handle into an Internet registry or community-specific database. "><FONT FACE="Nimbus Sans L">RegistryHandle</FONT></td> </tr>" %</table>>,
		pos="1770,730",
		shape=plaintext,
		width=1.5972];
	Contact -> RegistryHandle	 [label="0..*",
		lp="1626.5,704.5",
		pos="e,1712.3,717.37 1591.2,683.23 1612.7,690.15 1634.9,697.03 1656,703 1670.9,707.23 1687.1,711.33 1702.4,715.01"];
	Contact -> PostalAddress	 [label="0..*",
		lp="1626.5,581.5",
		pos="e,1663.7,555.3 1591.3,588.85 1612.1,579.21 1633.7,569.17 1654.5,559.55"];
	Email	 [height=1.5694,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#52a3cc" HREF="/idmef_parser/IODEFv2/Email.html" TITLE="The Email class specifies an email address and associated annotation. "><FONT FACE="Nimbus Sans L">Email</FONT></td> </tr>" %<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Email.html" TITLE="An email address."><FONT FACE="Nimbus Sans L">[EMAIL] EmailTo (1..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Email.html" TITLE="A free-form text description of the email address."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Email.html" TITLE="Categorizes the type of email address described in the EmailTo class.  These values are maintained in the &quot;Email- type&quot; IANA registry per Section 10.2."><FONT FACE="Nimbus Sans L">[ENUM] type (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#66CCFF"  HREF="/idmef_parser/IODEFv2/Email.html" TITLE="A means by which to extend the type attribute. See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-type (0..1)</FONT></td></tr>%</table>>,
		pos="1770,637",
		shape=plaintext,
		width=2.9444];
	Contact -> Email	 [label="0..*",
		lp="1626.5,647.5",
		pos="e,1663.7,639.16 1591.3,640.63 1611.7,640.21 1633,639.78 1653.4,639.37"];
	Telephone	 [height=1.5694,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/Telephone.html" TITLE="The Telephone class describes a telephone number and associated annotation. "><FONT FACE="Nimbus Sans L">Telephone</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/Telephone.html" TITLE="A telephone number."><FONT FACE="Nimbus Sans L">[PHONE] TelephoneNumber (1..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Telephone.html" TITLE="A free-form text description of the phone number."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Telephone.html" TITLE="Categorizes the type of telephone number described in the TelephoneNumber class.  These values are maintained in the &quot;Telephone-type&quot; IANA registry per Section 10.2."><FONT FACE="Nimbus Sans L">[ENUM] type (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Telephone.html" TITLE="A means by which to extend the type attribute. See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-type (0..1)</FONT></td></tr>%</table>>,
		pos="1770,823",
		shape=plaintext,
		width=3.1667];
	Contact -> Telephone	 [label="0..*",
		lp="1626.5,751.5",
		pos="e,1671.6,766.34 1591.3,717.21 1612.7,730.59 1635,744.31 1656,757 1658.2,758.34 1660.5,759.7 1662.8,761.06"];
	ServiceName	 [height=1.2778,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="The ServiceName class identifies an application protocol. It can be described by referencing an IANA-registered protocol, by referencing a URL, or with free-form text. "><FONT FACE="Nimbus Sans L">ServiceName</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="The name of the service per the &quot;Service Name&quot; field of the registry [IANA.Ports]."><FONT FACE="Nimbus Sans L">[STRING] IANAService (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="A URL to a resource describing the service."><FONT FACE="Nimbus Sans L">[URL] URL (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="A free-form text description of the service."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%</table>>,
		pos="838,46",
		shape=plaintext,
		width=2.9444];
	Service -> ServiceName	 [label="0..1",
		lp="662.5,131.5",
		pos="e,731.68,82.31 633.12,137.05 652.18,124.1 672.27,111.54 692,101 701.7,95.819 712,90.897 722.46,86.283"];
	ApplicationHeader	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/ApplicationHeader.html" TITLE="The ApplicationHeader class describes arbitrary fields from a protocol header and its corresponding value. "><FONT FACE="Nimbus Sans L">ApplicationHeader</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/ApplicationHeader.html" TITLE="A field name and value in a protocol header.  The name attribute MUST be set to the field name.  The field value MUST be set in the element content."><FONT FACE="Nimbus Sans L">[EXTENSION] ApplicationHeaderField (1..*)</FONT></td></tr>%</table>>,
		pos="838,371",
		shape=plaintext,
		width=3.9444];
	Service -> ApplicationHeader	 [label="0..1",
		lp="662.5,334.5",
		pos="e,714.56,345.95 633.38,304.08 652.17,316.44 672.11,328 692,337 696.18,338.89 700.48,340.68 704.86,342.38"];
	EmailData	 [height=3.0278,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The EmailData class describes headers from an email message and cryptographic hashes and signatures applied to it. "><FONT FACE="Nimbus Sans L">EmailData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;To:&quot; header field (Section 3.6.3 of [RFC5322]) in an email."><FONT FACE="Nimbus Sans L">[EMAIL] EmailTo (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;From:&quot; header field (Section 3.6.2 of [RFC5322]) in an email."><FONT FACE="Nimbus Sans L">[EMAIL] EmailFrom (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;Subject:&quot; header field in an email.  See Section 3.6.5 of [RFC5322]."><FONT FACE="Nimbus Sans L">[STRING] EmailSubject (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;X-Mailer:&quot; header field in an email."><FONT FACE="Nimbus Sans L">[STRING] EmailX-Mailer (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The header name and value of an arbitrary header field of the email message.  The name attribute MUST be set to the header name.  The header value MUST be set in the element body.  The dtype attribute MUST be set to &quot;string&quot;."><FONT FACE="Nimbus Sans L">[EXTENSION] EmailHeaderField (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The headers of an email message."><FONT FACE="Nimbus Sans L">[STRING] EmailHeaders (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The body of an email message."><FONT FACE="Nimbus Sans L">[STRING] EmailBody (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The headers and body of an email message."><FONT FACE="Nimbus Sans L">[STRING] EmailMessage (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="838,219",
		shape=plaintext,
		width=3.5139];
	Service -> EmailData	 [label="0..1",
		lp="662.5,226.5",
		pos="e,711.38,219 633.16,219 655.08,219 678.46,219 701.29,219"];
	HashData	 [height=0.98611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/HashData.html" TITLE="The HashData class describes different types of hashes on a given object (e.g., file, part of a file, email). "><FONT FACE="Nimbus Sans L">HashData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/HashData.html" TITLE="An identifier that references a subset of the object being hashed.  The semantics of this identifier are specified by the scope attribute."><FONT FACE="Nimbus Sans L">[STRING] HashTargetID (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/HashData.html" TITLE="A means by which to extend the scope attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] scope (0..1)</FONT></td></tr>%</table>>,
		pos="1168,269",
		shape=plaintext,
		width=2.8194];
	EmailData -> HashData	 [label="0..*",
		lp="1013.5,254.5",
		pos="e,1066.3,253.58 964.64,238.19 994.85,242.77 1026.9,247.62 1056.4,252.08"];
	SignatureData	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/SignatureData.html" TITLE="The SignatureData class describes different types of digital signatures on an object. "><FONT FACE="Nimbus Sans L">SignatureData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/SignatureData.html" TITLE="A given signature.  See Section 4.2 of [W3C.XMLSIG]."><FONT FACE="Nimbus Sans L">[] Signature (1..*)</FONT></td></tr>%</table>>,
		pos="1168,190",
		shape=plaintext,
		width=1.7222];
	EmailData -> SignatureData	 [label="0..*",
		lp="1013.5,212.5",
		pos="e,1105.8,195.47 964.64,207.87 1009,203.97 1057.3,199.73 1095.7,196.35"];
	Hash	 [height=0.98611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/Hash.html" TITLE="The Hash class describes a cryptographic hash value; the algorithm and application used to generate it; and the canonicalization method applied to the object being hashed. "><FONT FACE="Nimbus Sans L">Hash</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/Hash.html" TITLE="The canonicalization method used on the object being hashed.  See Section 4.3.1 of [W3C.XMLSIG]."><FONT FACE="Nimbus Sans L">[]  (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Hash.html" TITLE="The application used to calculate the hash."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (0..1)</FONT></td></tr>%</table>>,
		pos="1474.5,319",
		shape=plaintext,
		width=2.9444];
	HashData -> Hash	 [label="0..*",
		lp="1322.5,302.5",
		pos="e,1368.4,301.69 1269.6,285.58 1298,290.21 1329,295.27 1358.2,300.03"];
	FuzzyHash	 [height=1.2778,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="The FuzzyHash class describes a fuzzy hash and the application used to generate it. "><FONT FACE="Nimbus Sans L">FuzzyHash</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="The computed fuzzy hash value."><FONT FACE="Nimbus Sans L">[EXTENSION] FuzzyHashValue (1..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="The application used to calculate the hash."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="Mechanism by which to extend the data model."><FONT FACE="Nimbus Sans L">[EXTENSION] AdditionalData (0..*)</FONT></td></tr>%</table>>,
		pos="1474.5,219",
		shape=plaintext,
		width=3.4028];
	HashData -> FuzzyHash	 [label="0..*",
		lp="1322.5,253.5",
		pos="e,1351.8,239.01 1269.6,252.42 1292.8,248.65 1317.7,244.59 1341.9,240.64"];
}

Aggregates

System (1..*)

A host or network involved in an event. See Section 3.17.

IDMEFv1

IDMEFv2

IODEFv1

IODEFv2