IDMEF Process Zoom » History » Version 4

Anonymous, 06/04/2015 11:58 AM

h1. IDMEF Process Zoom

[[IDMEFDiag#Whole-Diagram| Whole Diagram]]

[[IDMEF Alert Zoom|Alert]]
* [[IDMEF Time Zoom|Time]]
* [[IDMEF Analyzer Zoom|Analyzer]]
** [[IDMEF Node Zoom|Node/Address]]
** *Process*
* [[IDMEF Target/Source Zoom|Source/Target]]
** [[IDMEF Node Zoom|Node/Address]]
** [[IDMEF User Zoom|User/UserId]]
** [[IDMEF Service Zoom|Service]]
** [[IDMEF File Zoom|File]]
* [[IDMEF Assessment Zoom|Assessment]]
* [[IDMEF Classification Zoom|Classification]]

----

!/attachments/download/65/Process%20Zoom.svg!

----

h2. The Process Class

The Process class is used to describe processes being executed on sources, targets, and analyzers.

h4. The Process class is composed of five aggregate classes:

* name

> Exactly one.  STRING.  The name of the program being executed. This is a short name; path and argument information are provided elsewhere.

* pid

> Zero or one.  INTEGER.  The process identifier of the process.

* path

> Zero or one.  STRING.  The full path of the program being executed.

* arg

> Zero or more.  STRING.  A command-line argument to the program. Multiple arguments may be specified (they are assumed to have occurred in the same order they are provided) with multiple uses of arg.

* env

> Zero or more.  STRING.  An environment string associated with the process; generally of the format "VARIABLE=value".  Multiple environment strings may be specified with multiple uses of env.

h4. The Process class has one attribute:

* ident

> Optional.  A unique identifier for the process.
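
As an added example (not part of the original wiki page or the project's own code), the following Python code checks a Process element against the cardinalities and types listed above and reports every violation it finds. It assumes an un-namespaced XML serialization whose element names match the class members; the function name @parse_process@ and both sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Cardinality of each aggregate class as listed above: (min, max); None = unbounded.
CARDINALITY = {"name": (1, 1), "pid": (0, 1), "path": (0, 1),
               "arg": (0, None), "env": (0, None)}

def parse_process(xml_text):
    """Return (process_dict, errors) for one Process element."""
    # Assumption: trusted sample input; harden the XML parser before
    # feeding it alerts received from untrusted analyzers.
    root = ET.fromstring(xml_text)
    if root.tag != "Process":
        return None, ["root element is not Process"]
    errors = []
    values = {field: [] for field in CARDINALITY}
    for child in root:
        if child.tag not in CARDINALITY:
            errors.append(f"unexpected element: {child.tag}")
            continue
        values[child.tag].append(child.text or "")
    for field, (lo, hi) in CARDINALITY.items():
        count = len(values[field])
        if count < lo or (hi is not None and count > hi):
            errors.append(f"{field}: found {count}, allowed {lo}..{hi or 'n'}")
    pid = None
    if len(values["pid"]) == 1:
        try:
            pid = int(values["pid"][0])
        except ValueError:
            errors.append("pid: not an INTEGER")
    # env is only "generally" VARIABLE=value, so a missing '=' is kept, not rejected.
    process = {
        "ident": root.get("ident"),          # optional attribute
        "name": values["name"][0] if values["name"] else None,
        "pid": pid,
        "path": values["path"][0] if values["path"] else None,
        "arg": values["arg"],                # document order is preserved
        "env": values["env"],
    }
    return process, errors

# Constructed sample messages (not taken from the page).
VALID = """<Process ident="proc-01"><name>sshd</name><pid>4021</pid>
<path>/usr/sbin/sshd</path><arg>-D</arg><arg>-e</arg>
<env>LANG=C</env></Process>"""
INVALID = "<Process><pid>abc</pid><pid>7</pid><arg>-x</arg></Process>"
```

@parse_process(INVALID)@ reports the missing name and the duplicated pid instead of silently picking one value, which is the behaviour a consumer wants before correlating alerts on process fields.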