Action

The Action class is used to describe any actions taken by the analyzer in response to the event. It is represented in the IDMEF DTD as follows:

[Diagram: the Action class, with a single attribute: category (ENUM).]



Attributes

category

The default value is "other". (See also Section 10.)

| Rank | Keyword | Description |
|------|---------|-------------|
| 0 | block-installed | A block of some sort was installed to prevent an attack from reaching its destination. The block could be a port block, address block, etc., or disabling a user account. |
| 1 | notification-sent | A notification message of some sort was sent out-of-band (via pager, e-mail, etc.). Does not include the transmission of this alert. |
| 2 | taken-offline | A system, computer, or user was taken offline, as when the computer is shut down or a user is logged off. |
| 3 | other | Anything not in one of the above categories. |
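The following is an added example, not code from the original page or from any IDMEF project: a consumer that reads Action elements, applies the "other" default when the category attribute is absent, and reports keywords outside the enumeration instead of silently folding them into "other". It assumes unprefixed element names, an Assessment parent element, and that the element text is a free-form description; the sample XML and the `parse_actions` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Keyword -> rank, as listed in the category table above.
ACTION_CATEGORIES = {
    "block-installed": 0,
    "notification-sent": 1,
    "taken-offline": 2,
    "other": 3,
}
DEFAULT_CATEGORY = "other"

# Constructed sample fragment (not captured from a real analyzer).
# The last element uses a keyword that is not in the enumeration.
SAMPLE = """\
<Assessment>
  <Action category="block-installed">Source address blocked at firewall</Action>
  <Action>Ticket opened</Action>
  <Action category="notification-sent"/>
  <Action category="quarantined">Host isolated</Action>
</Assessment>
"""

def parse_actions(xml_text):
    """Return (actions, errors) for every Action element in xml_text.

    actions: dicts holding category, rank and description text.
    errors:  category values that are not in the enumeration.
    """
    actions, errors = [], []
    root = ET.fromstring(xml_text)
    for elem in root.iter("Action"):
        # An absent attribute takes the documented default, "other".
        category = elem.get("category", DEFAULT_CATEGORY)
        if category not in ACTION_CATEGORIES:
            # Keep unknown keywords visible so a misbehaving or
            # non-conforming analyzer is noticed, not masked.
            errors.append(category)
            continue
        actions.append({
            "category": category,
            "rank": ACTION_CATEGORIES[category],
            "description": (elem.text or "").strip(),
        })
    return actions, errors

if __name__ == "__main__":
    parsed, rejected = parse_actions(SAMPLE)
    for action in parsed:
        print(action)
    print("rejected categories:", rejected)
```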

