IDMEF Process Zoom
- Alert
  - Time
  - Analyzer
    - Node/Address
    - Process
  - Source/Target
    - Node/Address
    - Process
    - User/UserId
    - Service
    - File
  - Assessment
  - Classification
  - Additional Data
The Process Class
The Process class is used to describe processes being executed on sources, targets, and analyzers.
The Process class is composed of five aggregate classes:
- name
Exactly one. STRING. The name of the program being executed. This is a short name; path and argument information are provided elsewhere.
- pid
Zero or one. INTEGER. The process identifier of the process.
- path
Zero or one. STRING. The full path of the program being executed.
- arg
Zero or more. STRING. A command-line argument to the program. Multiple arguments may be specified (they are assumed to have occurred in the same order they are provided) with multiple uses of arg.
- env
Zero or more. STRING. An environment string associated with the process; generally of the format "VARIABLE=value". Multiple environment strings may be specified with multiple uses of env.
The Process class has one attribute:
- ident
Optional. A unique identifier for the process.
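As an added example (not code from this page or from any IDMEF implementation), the following Python parses an IDMEF Process XML fragment and enforces the cardinalities listed above. It assumes the RFC 4765 XML binding with the namespace http://iana.org/idmef; the sample fragment is constructed.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Optional

NS = {"idmef": "http://iana.org/idmef"}  # RFC 4765 XML namespace

@dataclass
class Process:
    name: str                                  # exactly one
    pid: Optional[int] = None                  # zero or one
    path: Optional[str] = None                 # zero or one
    arg: list = field(default_factory=list)    # zero or more, in the order given
    env: list = field(default_factory=list)    # zero or more, "VARIABLE=value"
    ident: Optional[str] = None                # optional attribute

def parse_process(xml_text):
    """Parse an <idmef:Process> fragment, rejecting cardinality violations."""
    elem = ET.fromstring(xml_text)
    names = [e.text or "" for e in elem.findall("idmef:name", NS)]
    if len(names) != 1:
        raise ValueError(f"Process needs exactly one name, got {len(names)}")
    pids = elem.findall("idmef:pid", NS)
    paths = elem.findall("idmef:path", NS)
    if len(pids) > 1 or len(paths) > 1:
        raise ValueError("pid and path may each appear at most once")
    return Process(
        name=names[0],
        pid=int(pids[0].text) if pids else None,
        path=paths[0].text if paths else None,
        arg=[e.text or "" for e in elem.findall("idmef:arg", NS)],  # document order
        env=[e.text or "" for e in elem.findall("idmef:env", NS)],
        ident=elem.get("ident"),
    )
def is_valid_process(xml_text):
    """True when the fragment satisfies the cardinalities above."""
    try:
        parse_process(xml_text)
        return True
    except ValueError:
        return False
# Constructed sample, as an analyzer might report a target process.
SAMPLE = """<idmef:Process xmlns:idmef="http://iana.org/idmef" ident="p1">
  <idmef:name>sshd</idmef:name>
  <idmef:pid>4321</idmef:pid>
  <idmef:path>/usr/sbin/sshd</idmef:path>
  <idmef:arg>-D</idmef:arg>
  <idmef:arg>-e</idmef:arg>
  <idmef:env>PATH=/usr/sbin:/usr/bin</idmef:env>
</idmef:Process>"""
```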