WindowsRegistryKeysModified

The WindowsRegistryKeysModified class describes Windows operating system registry keys and the operations that were performed on them. This class was derived from [RFC5901]. 

digraph WindowsRegistryKeysModified {
	graph [bb="0,0,490,134",
		rankdir=LR
	];
	node [label="\N"];
	WindowsRegistryKeysModified	 [height=0.69444,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/WindowsRegistryKeysModified.html" TITLE="The WindowsRegistryKeysModified class describes Windows operating system registry keys and the operations that were performed on them. This class was derived from [RFC5901]. "><FONT FACE="Nimbus Sans L">WindowsRegistryKeysModified</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/WindowsRegistryKeysModified.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="104.5,67",
		shape=plaintext,
		width=2.9028];
	Key	 [height=1.8611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr> <td BGCOLOR="#CECECE" HREF="/idmef_parser/IODEFv2/Key.html" TITLE="The Key class describes a Windows operating system registry key name and value pair, as well as the operation performed on it. "><FONT FACE="Nimbus Sans L">Key</FONT></td> </tr>" %<tr><td  HREF="/idmef_parser/IODEFv2/Key.html" TITLE="The name of a Windows operating system registry key (e.g., [HKEY_LOCAL_MACHINE\Software\Test\KeyName])."><FONT FACE="Nimbus Sans L">[STRING] KeyName (1..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Key.html" TITLE="The value of the registry key identified in the KeyName class encoded per the .reg file format [KB310516]."><FONT FACE="Nimbus Sans L">[STRING] KeyValue (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Key.html" TITLE="The type of action taken on the registry key. These values are maintained in the &quot;Key-registryaction&quot; IANA registry per Section 10.2."><FONT FACE="Nimbus Sans L">[ENUM] registryaction (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Key.html" TITLE="A means by which to extend the registryaction attribute.  See Section 5.1.1."><FONT FACE="Nimbus Sans L">[STRING] ext-registryaction (0..1)</FONT></td></tr>%<tr><td  HREF="/idmef_parser/IODEFv2/Key.html" TITLE="See Section 3.3.2."><FONT FACE="Nimbus Sans L">[ID] observable-id (0..1)</FONT></td></tr>%</table>>,
		pos="379,67",
		shape=plaintext,
		width=3.0833];
	WindowsRegistryKeysModified -> Key	 [label="1..*",
		lp="238.5,74.5",
		pos="e,267.88,67 209.06,67 224.99,67 241.55,67 257.81,67"];
}

Aggregates

Key (1..*)

The Windows registry key. See Section 3.23.1.

observable-id (0..1)

See Section 3.3.2.

IDMEFv1

IDMEFv2

IODEFv1

IODEFv2