Project

General

Profile

IODEF History Zoom

Incident


The History Class

The History class is a log of the significant events or actions performed by the involved parties during the course of handling the incident.

The level of detail maintained in this log is left up to the discretion of those handling the incident.

The class that constitutes History is:

  • HistoryItem

One or many. Entry in the history log of significant events or actions performed by the involved parties.

The History class has one attribute:

  • restriction
    Optional. ENUM. This attribute has been defined in Incident Class

The HistoryItem Class

The HistoryItem class is an entry in the History log that documents a particular action or event that occurred in the course of handling the incident. The details of the entry are a free-form description, but each can be categorized with the type attribute.

The aggregate classes that constitute HistoryItem are:

  • DateTime

One. Timestamp of this entry in the history log (e.g., when the action described in the Description was taken).

  • IncidentID

Zero or One. In a history log created by multiple parties, the IncidentID provides a mechanism to specify which CSIRT created a particular entry and references this organization's incident tracking number. When a single organization is maintaining the log, this class can be ignored.

  • Contact

Zero or One. Provides contact information for the person that performed the action documented in this class.

  • Description

Zero or many. ML_STRING. A free-form textual description of the action or event.

  • AdditionalData

Zero or many. A mechanism by which to extend the data model.

The HistoryItem class has three attributes:

  • restriction

Optional. ENUM. This attribute has been defined in Incident Class

  • action

Required. ENUM. Classifies a performed action or occurrence documented in this history log entry. As activity will likely have been instigated either through a previously conveyed expectation or internal investigation, this attribute is identical to the category attribute of the Expectation class. The difference is only one of tense. When an action is in this class, it has been completed. Enumeration is defined in "Expectation Class":tralala METTRE LE LIEN

  • ext-action

Optional. STRING. A means by which to extend the action attribute.

History.svg View - IODEF UML Diagram History Zoom (65.7 KB) Vérène Houdebine, 05/07/2015 05:43 PM