IODEF Method
The Method class describes the methodology used by the intruder to perpetrate the events of the incident. This class consists of a list of references describing the attack method and a free-form description of the technique.
The Method class is composed of three aggregate classes.
Zero or many. A reference to a vulnerability, malware sample, advisory, or analysis of an attack technique.
Zero or many. ML_STRING. A free-form text description of the methodology used by the intruder.
Zero or many. A mechanism by which to extend the data model.
Either an instance of the Reference or Description class MUST be present.
The Method class has one attribute:
Optional. ENUM. This attribute is defined in the Incident class.
The Reference class is a reference to a vulnerability, IDS alert, malware sample, advisory, or attack technique. A reference consists of a name, a URL to this reference, and an optional description.
The aggregate classes that constitute Reference:
One. ML_STRING. Name of the reference.
Zero or many. URL. A URL associated with the reference.
Zero or many. ML_STRING. A free-form text description of this reference.
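The two cardinality rules above (a Method needs a Reference or a Description, and each Reference carries exactly one name) can be checked before a received report is trusted. The following is an added example, not part of the IODEF specification text: the function names are hypothetical, the XML is a constructed fragment, and the namespace and the ReferenceName, URL and AdditionalData element names are taken from RFC 5070 rather than from this page.

```python
import xml.etree.ElementTree as ET

# Element names and namespace are from RFC 5070 (IODEF v1), not from this page.
IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"
NS = {"iodef": IODEF_NS}
# Constructed fragment for illustration; not a complete, schema-valid document.
SAMPLE = """
<IODEF-Document xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident>
    <Method>
      <Reference>
        <ReferenceName>EXAMPLE-ADVISORY-0001</ReferenceName>
        <URL>https://advisories.example/0001</URL>
      </Reference>
      <Description>Constructed description text</Description>
    </Method>
    <Method>
      <AdditionalData dtype="string">extension data only</AdditionalData>
    </Method>
    <Method>
      <Reference><URL>https://advisories.example/0002</URL></Reference>
    </Method>
  </Incident>
</IODEF-Document>
"""

def check_method(method):
    """Return the cardinality violations found in one Method element."""
    errors = []
    refs = method.findall("iodef:Reference", NS)
    # Rule: either a Reference or a Description MUST be present.
    if not refs and method.find("iodef:Description", NS) is None:
        errors.append("Method: neither Reference nor Description present")
    for i, ref in enumerate(refs, 1):
        # Rule: each Reference carries exactly one ReferenceName.
        count = len(ref.findall("iodef:ReferenceName", NS))
        if count != 1:
            errors.append(f"Reference {i}: expected 1 ReferenceName, found {count}")
    return errors

def check_document(xml_text):
    """Map each Method's 1-based position in the document to its violations."""
    root = ET.fromstring(xml_text)
    methods = root.iter(f"{{{IODEF_NS}}}Method")
    return {n: check_method(m) for n, m in enumerate(methods, 1)}

if __name__ == "__main__":
    for n, errs in check_document(SAMPLE).items():
        print(n, errs or "ok")
```

The check covers only the cardinalities stated here; a Method holding nothing but extension data is reported, since AdditionalData does not satisfy the MUST.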