Expand Service class
Aim:
Add complementary information in the Service class by offering more sub-classes to choose from.
Just as an Alert can be an OverflowAlert, a CorrelationAlert or a ToolAlert, a Service can be an SNMPService or a WebService. But there are many other services that could have a dedicated class.
Solution 1
Create as many classes as there are service types.
Impacted Class | Proposed Field | Type |
---|---|---|
Service->LDAPService | url | String |
Service->LDAPService | operation | start_tls bind search compare add delete modify modify_dn abandon extended-operation unbind other |
Service->LDAPService | ext-operation | String |
Service->LDAPService | dn | String |
LDAPService->LDAPServiceParams | parameter | scope filter deref_aliases attribute sizelimit timelimit sizeonly ext-type |
LDAPService->LDAPServiceParams | ext-type | String |
Service->SIPService | uri | String |
Service->SIPService | request | INVITE ACK BYE CANCEL OPTIONS REGISTER PRACK SUBSCRIBE NOTIFY PUBLISH INFO referer MESSAGE UPDATE other |
Service->SIPService | ext-request | String |
Service->SIPService | response | integer |
SIPService->HeaderSIPService | parameter | Enum |
SIPService->HeaderSIPService | value | String |
Service->SMTPService | messageid | String |
Service->SMTPService | user-agent | String |
Service->SMTPService | subject | String |
Service->SMTPService | references | String |
Pros
- Brings a lot of information
Cons
- The IDMEF diagram will be more complicated
Solution 2:
Remove the existing sub-classes, keep only the Service class, and consider it to be enough.
Impacted Class | Proposed Field | Type |
---|---|---|
Service->SNMPService | | |
Service->WebService | | |
Pros
Cons
- Removes a lot of information from an alert
- No backwards compatibility
Meetings:
30/10/2015 Meeting: OK, but which services should be added?