IDMEF AdditionalData Zoom¶Alert
- Additional Data
The AdditionalData Class¶
The AdditionalData class is used to provide information that cannot be represented by the data model. AdditionalData can be used to provide atomic data (integers, strings, etc.) in cases where only small amounts of additional information need to be sent; it can also be used to extend the data model and the DTD to support the transmission of complex data (such as packet headers).
The AdditionalData class has two attribute:¶
Optional. A string describing the meaning of the element content. These values will be vendor/implementation dependent; the method for ensuring that managers understand the strings sent by analyzers is outside the scope of this specification. A list of acceptable meaning keywords is not within the scope of the document, although later versions may undertake to establish such a list.
Rank Keyword Description 0 boolean The element contains a boolean value, i.e., the strings "true" or "false" 1 byte The element content is a single 8-bit byte 2 character The element content is a single character 3 date-time The element content is a date-time string 4 integer The element content is an integer 5 ntpstamp The element content is an NTP timestamp 6 portlist The element content is a list of ports 7 real The element content is a real number 8 string The element content is a string 9 byte-string The element is a byte 10 xmltext The element content is XML-tagged data