Service

The Service class describes a network service. The service is described by a protocol, port, protocol header field, and application providing or using the service. 

digraph Service {
	graph [bb="0,0,1121,396",
		rankdir=LR
	];
	node [label="\N"];
	Service	 [height=2.7361,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#cca3a3" HREF="/idmef_parser/IODEFv2/Service.html" TITLE="The Service class describes a network service. The service is described by a protocol, port, protocol header field, and application providing or using the service. "><FONT FACE="Nimbus Sans L">Service</FONT></td> </tr>" %<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A port number."><FONT FACE="Nimbus Sans L">[INTEGER] Port (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A list of port numbers."><FONT FACE="Nimbus Sans L">[PORTLIST] Portlist (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A transport-layer (Layer 4) protocol- specific code field (e.g., ICMP code field)."><FONT FACE="Nimbus Sans L">[INTEGER] ProtoCode (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A transport-layer (Layer 4) protocol- specific type field (e.g., ICMP type field)."><FONT FACE="Nimbus Sans L">[INTEGER] ProtoType (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="A transport-layer (Layer 4) protocol- specific flag field (e.g., TCP flag field)."><FONT FACE="Nimbus Sans L">[INTEGER] ProtoField (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="The application acting as either the client or the server for the service."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="The IANA-assigned IP protocol number per [IANA.Protocols].  The attribute MUST be set if a Port, Portlist, ProtoCode, ProtoType, or ProtoField class is present."><FONT FACE="Nimbus Sans L">[INTEGER] ip-protocol (0..1)</FONT></td></tr>%<tr><td BGCOLOR="#FFCCCC"  HREF="/idmef_parser/IODEFv2/Service.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="106,261",
		shape=plaintext,
		width=2.9444];
	ServiceName	 [height=1.2778,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="The ServiceName class identifies an application protocol. It can be described by referencing an IANA-registered protocol, by referencing a URL, or with free-form text. "><FONT FACE="Nimbus Sans L">ServiceName</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="The name of the service per the &quot;Service Name&quot; field of the registry [IANA.Ports]."><FONT FACE="Nimbus Sans L">[STRING] IANAService (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="A URL to a resource describing the service."><FONT FACE="Nimbus Sans L">[URL] URL (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/ServiceName.html" TITLE="A free-form text description of the service."><FONT FACE="Nimbus Sans L">[ML_STRING] Description (0..*)</FONT></td></tr>%</table>>,
		pos="413,350",
		shape=plaintext,
		width=2.9444];
	Service -> ServiceName	 [label="0..1",
		lp="241.5,309.5",
		pos="e,306.91,319.25 212.08,291.75 239.52,299.71 269.21,308.31 297.12,316.41"];
	ApplicationHeader	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/ApplicationHeader.html" TITLE="The ApplicationHeader class describes arbitrary fields from a protocol header and its corresponding value. "><FONT FACE="Nimbus Sans L">ApplicationHeader</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/ApplicationHeader.html" TITLE="A field name and value in a protocol header.  The name attribute MUST be set to the field name.  The field value MUST be set in the element content."><FONT FACE="Nimbus Sans L">[EXTENSION] ApplicationHeaderField (1..*)</FONT></td></tr>%</table>>,
		pos="413,261",
		shape=plaintext,
		width=3.9444];
	Service -> ApplicationHeader	 [label="0..1",
		lp="241.5,268.5",
		pos="e,270.91,261 212.08,261 227.8,261 244.25,261 260.68,261"];
	EmailData	 [height=3.0278,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The EmailData class describes headers from an email message and cryptographic hashes and signatures applied to it. "><FONT FACE="Nimbus Sans L">EmailData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;To:&quot; header field (Section 3.6.3 of [RFC5322]) in an email."><FONT FACE="Nimbus Sans L">[EMAIL] EmailTo (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;From:&quot; header field (Section 3.6.2 of [RFC5322]) in an email."><FONT FACE="Nimbus Sans L">[EMAIL] EmailFrom (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;Subject:&quot; header field in an email.  See Section 3.6.5 of [RFC5322]."><FONT FACE="Nimbus Sans L">[STRING] EmailSubject (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The value of the &quot;X-Mailer:&quot; header field in an email."><FONT FACE="Nimbus Sans L">[STRING] EmailX-Mailer (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The header name and value of an arbitrary header field of the email message.  The name attribute MUST be set to the header name.  The header value MUST be set in the element body.  The dtype attribute MUST be set to &quot;string&quot;."><FONT FACE="Nimbus Sans L">[EXTENSION] EmailHeaderField (0..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The headers of an email message."><FONT FACE="Nimbus Sans L">[STRING] EmailHeaders (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The body of an email message."><FONT FACE="Nimbus Sans L">[STRING] EmailBody (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="The headers and body of an email message."><FONT FACE="Nimbus Sans L">[STRING] EmailMessage (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/EmailData.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="413,109",
		shape=plaintext,
		width=3.5139];
	Service -> EmailData	 [label="0..1",
		lp="241.5,205.5",
		pos="e,286.29,171.74 212.08,208.48 233.1,198.07 255.44,187.01 277.29,176.19"];
	HashData	 [height=0.98611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/HashData.html" TITLE="The HashData class describes different types of hashes on a given object (e.g., file, part of a file, email). "><FONT FACE="Nimbus Sans L">HashData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/HashData.html" TITLE="An identifier that references a subset of the object being hashed.  The semantics of this identifier are specified by the scope attribute."><FONT FACE="Nimbus Sans L">[STRING] HashTargetID (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/HashData.html" TITLE="A means by which to extend the scope attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] scope (0..1)</FONT></td></tr>%</table>>,
		pos="715.5,169",
		shape=plaintext,
		width=2.8194];
	EmailData -> HashData	 [label="0..*",
		lp="584.5,151.5",
		pos="e,613.82,148.83 539.53,134.1 560.92,138.34 582.98,142.72 603.95,146.87"];
	SignatureData	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/SignatureData.html" TITLE="The SignatureData class describes different types of digital signatures on an object. "><FONT FACE="Nimbus Sans L">SignatureData</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/SignatureData.html" TITLE="A given signature.  See Section 4.2 of [W3C.XMLSIG]."><FONT FACE="Nimbus Sans L">[] Signature (1..*)</FONT></td></tr>%</table>>,
		pos="715.5,90",
		shape=plaintext,
		width=1.7222];
	EmailData -> SignatureData	 [label="0..*",
		lp="584.5,106.5",
		pos="e,653.4,93.9 539.53,101.05 574.88,98.832 612.08,96.496 643.12,94.546"];
	Hash	 [height=0.98611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/Hash.html" TITLE="The Hash class describes a cryptographic hash value; the algorithm and application used to generate it; and the canonicalization method applied to the object being hashed. "><FONT FACE="Nimbus Sans L">Hash</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/Hash.html" TITLE="The canonicalization method used on the object being hashed.  See Section 4.3.1 of [W3C.XMLSIG]."><FONT FACE="Nimbus Sans L">[]  (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Hash.html" TITLE="The application used to calculate the hash."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (0..1)</FONT></td></tr>%</table>>,
		pos="998.5,219",
		shape=plaintext,
		width=2.9444];
	HashData -> Hash	 [label="0..*",
		lp="846.5,201.5",
		pos="e,892.39,200.25 817.27,186.98 838.43,190.72 860.88,194.69 882.51,198.51"];
	FuzzyHash	 [height=1.2778,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="The FuzzyHash class describes a fuzzy hash and the application used to generate it. "><FONT FACE="Nimbus Sans L">FuzzyHash</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="The computed fuzzy hash value."><FONT FACE="Nimbus Sans L">[EXTENSION] FuzzyHashValue (1..*)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="The application used to calculate the hash."><FONT FACE="Nimbus Sans L">[SOFTWARE] Application (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/FuzzyHash.html" TITLE="Mechanism by which to extend the data model."><FONT FACE="Nimbus Sans L">[EXTENSION] AdditionalData (0..*)</FONT></td></tr>%</table>>,
		pos="998.5,119",
		shape=plaintext,
		width=3.4028];
	HashData -> FuzzyHash	 [label="0..*",
		lp="846.5,153.5",
		pos="e,875.91,140.66 817.27,151.02 833.02,148.24 849.48,145.33 865.78,142.45"];
}

Aggregates

ServiceName (0..1)

A protocol name.

Port (0..1)

A port number.

Portlist (0..1)

A list of port numbers.

ProtoCode (0..1)

A transport-layer (Layer 4) protocol- specific code field (e.g., ICMP code field).

ProtoType (0..1)

A transport-layer (Layer 4) protocol- specific type field (e.g., ICMP type field).

ProtoField (0..1)

A transport-layer (Layer 4) protocol- specific flag field (e.g., TCP flag field).

ApplicationHeader (0..1)

A protocol header. See Section 3.20.2.

EmailData (0..1)

Headers associated with an email message. See Section 3.21.

Application (0..1)

The application acting as either the client or the server for the service.

ip-protocol (0..1)

The IANA-assigned IP protocol number per [IANA.Protocols]. The attribute MUST be set if a Port, Portlist, ProtoCode, ProtoType, or ProtoField class is present.

observable-id (0..1)

See Section 3.3.2.

IDMEFv1

IDMEFv2

IODEFv1

IODEFv2