Expand Service class¶
Aim:¶
Add complementary information in the Service class by offering more sub-classes to choose from.
Exactly like Alert that can be an OverFlowALert, a CorrelationAlert or a ToolAlert, a Service can be a SNMPService or a WebService. But there are lots of other services that could have a dedicated class.
Solution 1¶
Make as much classes as there are types.
| Impacted Class | Proposed Field | Type |
|---|---|---|
| Service->LDAPService | url | String |
| operation | start_tls bind search compare add delete modify modify_dn abandon extended-operation unbind other |
|
| ext-operation | String | |
| dn | String | |
| LDAPService->LDAPServiceParams | parameter | scope filter deref_aliases attribute sizelimit timelimit sizeonly ext-type |
| ext-type | String | |
| Service->SIPService | uri | String |
| request | INVITE ACK BYE CANCEL OPTIONS REGISTER PRACK SUBSCRIBE NOTIFY PUBLISH INFO referer MESSAGE UPDATE other |
|
| ext-request | String | |
| response | integer | |
| SIPService->HeaderSIPService | parameter | Enum |
| value | String | |
| Service->SMTPService | messsageid | String |
| user-agent | String | |
| subject | String | |
| references | String |
Pros¶
- Bring a lot of information
Cons¶
- IDMEF diagram will be more complicated
Solution 2:¶
Remove the offered classes to jsut keep the Service class and consider it to be enough.
| Impacted Class | Proposed Field | Type |
|---|---|---|
| Service->SNMPService | ||
| Service->WebService | ||
Pros¶
Cons¶
- Remove a lot of informations for an alert
- No backwards compatibility
Meetings:¶
30/10/2015 Meeting : OK, but which services should be added ?