
IODEF Method Zoom

Method Class

The Method class describes the methodology used by the intruder to perpetrate the events of the incident. This class consists of a list of references describing the attack method and a free-form description of the technique.

The Method class is composed of three aggregate classes.

  • Reference

Zero or many. A reference to a vulnerability, malware sample, advisory, or analysis of an attack technique.

  • Description

Zero or many. ML_STRING. A free-form text description of the methodology used by the intruder.

  • AdditionalData

Zero or many. A mechanism by which to extend the data model.

An instance of either the Reference or the Description class MUST be present.

The Method class has one attribute:

  • restriction

Optional. ENUM. This attribute is defined in the Incident class.

Reference Class

The Reference class is a reference to a vulnerability, IDS alert, malware sample, advisory, or attack technique. A reference consists of a name, a URL to this reference, and an optional description.

The aggregate classes that constitute Reference:

  • ReferenceName

One. ML_STRING. Name of the reference.

  • URL

Zero or many. URL. A URL associated with the reference.

  • Description

Zero or many. ML_STRING. A free-form text description of this reference.
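The cardinality rules above can be checked mechanically when an incident report is received. The following is an added example, not part of the original page or of the IODEF specification: the function names, the sample documents and the DOCTYPE refusal are assumptions made here, and the namespace is the IODEF v1 XML namespace, which the page does not state.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents (not from the page); NS is the IODEF v1 namespace.
NS = "urn:ietf:params:xml:ns:iodef-1.0"
VALID = f"""<Method xmlns="{NS}" restriction="private">
  <Reference>
    <ReferenceName>EXAMPLE-ADVISORY-0001</ReferenceName>
    <URL>https://advisories.example/0001</URL>
    <Description>Constructed advisory entry</Description>
  </Reference>
  <Description>Credential phishing followed by mailbox rule abuse</Description>
</Method>"""
EMPTY = f'<Method xmlns="{NS}"><AdditionalData dtype="string">x</AdditionalData></Method>'
NO_NAME = f'<Method xmlns="{NS}"><Reference><URL>https://advisories.example/2</URL></Reference></Method>'


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def validate_method(xml_text):
    """Return a list of violations of the Method/Reference rules (empty if valid)."""
    if "<!DOCTYPE" in xml_text:  # reports come from other parties: refuse DTDs/entities
        return ["DOCTYPE not accepted"]
    root = ET.fromstring(xml_text)
    if local(root.tag) != "Method":
        return [f"expected Method, got {local(root.tag)}"]
    errors = []
    allowed = {"Reference", "Description", "AdditionalData"}
    children = [local(c.tag) for c in root]
    for name in children:
        if name not in allowed:
            errors.append(f"unexpected child of Method: {name}")
    if "Reference" not in children and "Description" not in children:
        errors.append("Method needs at least one Reference or Description")
    for i, ref in enumerate((c for c in root if local(c.tag) == "Reference"), 1):
        parts = [local(c.tag) for c in ref]
        if parts.count("ReferenceName") != 1:
            errors.append(f"Reference #{i}: exactly one ReferenceName required, found {parts.count('ReferenceName')}")
        for name in parts:
            if name not in {"ReferenceName", "URL", "Description"}:
                errors.append(f"Reference #{i}: unexpected child {name}")
    return errors


if __name__ == "__main__":
    for label, doc in (("valid", VALID), ("empty", EMPTY), ("no-name", NO_NAME)):
        print(label, validate_method(doc))
```

The check covers only the structure described on this page; it does not validate the restriction value or the content of ML_STRING and URL fields.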

Attachment: Method.svg - IODEF UML Diagram Method Zoom (45.5 KB), Vérène Houdebine, 05/07/2015 05:32 PM