IODEF Method Zoom
Incident
- Contact
- Method
- Assessment
- EventData
- History
Method Class
The Method class describes the methodology used by the intruder to perpetrate the events of the incident. This class consists of a list of references describing the attack method and a free-form description of the technique.
The Method class is composed of three aggregate classes.
- Reference
Zero or many. A reference to a vulnerability, malware sample, advisory, or analysis of an attack technique.
- Description
Zero or many. ML_STRING. A free-form text description of the methodology used by the intruder.
- AdditionalData
Zero or many. A mechanism by which to extend the data model.
Either an instance of the Reference or Description class MUST be present.
The Method class has one attribute:
- restriction
Optional. ENUM. This attribute is defined in the Incident class.
Reference Class
The Reference class is a reference to a vulnerability, IDS alert, malware sample, advisory, or attack technique. A reference consists of a name, a URL to this reference, and an optional description.
The aggregate classes that constitute Reference:
- ReferenceName
One. ML_STRING. Name of the reference.
- URL
Zero or many. URL. A URL associated with the reference.
- Description
Zero or many. ML_STRING. A free-form text description of this reference.
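The cardinality rules above can be checked mechanically before a received report is ingested. The following is an added example, not part of the IODEF specification or of this page's original text: the function names, message strings and sample documents are constructed for illustration, and element names are matched without regard to XML namespace.

```python
import xml.etree.ElementTree as ET

METHOD_CHILDREN = {"Reference", "Description", "AdditionalData"}
REFERENCE_CHILDREN = {"ReferenceName", "URL", "Description"}

def local(tag):
    # Drop a '{namespace}' prefix so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def named(elem, name):
    return [c for c in elem if local(c.tag) == name]

def unexpected(elem, allowed, where):
    return [f"{where}: unexpected element {local(c.tag)}"
            for c in elem if local(c.tag) not in allowed]

def check_method(xml_text):
    """Return the list of rule violations for one <Method> element."""
    method = ET.fromstring(xml_text)
    if local(method.tag) != "Method":
        return ["root element is not Method"]
    errors = unexpected(method, METHOD_CHILDREN, "Method")
    refs = named(method, "Reference")
    # Either a Reference or a Description MUST be present.
    if not refs and not named(method, "Description"):
        errors.append("Method: needs a Reference or a Description")
    for i, ref in enumerate(refs, 1):
        where = f"Reference[{i}]"
        errors += unexpected(ref, REFERENCE_CHILDREN, where)
        names = named(ref, "ReferenceName")
        # ReferenceName: exactly one. URL and Description: zero or many.
        if len(names) != 1:
            errors.append(f"{where}: expected 1 ReferenceName, found {len(names)}")
    return errors

# Constructed sample inputs (not taken from any real incident report).
VALID = """<Method><Reference><ReferenceName>EXAMPLE-0001</ReferenceName>
<URL>https://advisories.example/0001</URL></Reference>
<Description>Constructed sample text.</Description></Method>"""
NO_CONTENT = "<Method><AdditionalData>note</AdditionalData></Method>"
BAD_REFS = """<Method><Reference><URL>https://advisories.example/2</URL></Reference>
<Reference><ReferenceName>A</ReferenceName><ReferenceName>B</ReferenceName>
<Impact/></Reference></Method>"""

if __name__ == "__main__":
    for label, doc in (("VALID", VALID), ("NO_CONTENT", NO_CONTENT), ("BAD_REFS", BAD_REFS)):
        print(label, check_method(doc))
```

This checks only the rules stated on this page; it is not a substitute for validating the whole document against the IODEF schema.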