The Reference class provides the "name" of an alert, or other information allowing the manager to determine what it is.
digraph Reference { graph [bb="0,0,195,113", rankdir=LR ]; node [label="\N"]; Reference [height=1.5694, label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#5c3d1f" HREF="/idmef_parser/IDMEF/Reference.html" TITLE="The Reference class provides the "name" of an alert, or other information allowing the manager to determine what it is. ">Reference</td> </tr>" %<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IDMEF/Reference.html" TITLE="The name of the alert, from one of the origins listed below.">[STRING] name (1) </td></tr>%<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IDMEF/Reference.html" TITLE="A URL at which the manager (or the human operator of the manager) can find additional information about the alert. The document pointed to by the URL may include an in-depth description of the attack, appropriate countermeasures, or other information deemed relevant by the vendor.">[STRING] url (1) </td></tr>%<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IDMEF/Reference.html" TITLE="The source from which the name of the alert originates. The permitted values for this attribute are shown below. The default value is "unknown". (See also Section 10.)">[ENUM] origin (Required) </td></tr>%<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IDMEF/Reference.html" TITLE="The meaning of the reference, as understood by the alert provider. This field is only valid if the value of the <origin> attribute is set to "vendor-specific" or "user-specific".">[STRING] meaning (Optional) </td></tr>%</table>>, pos="97.5,56.5", shape=plaintext, width=2.7083]; }
The name of the alert, from one of the origins listed below.
A URL at which the manager (or the human operator of the manager) can find additional information about the alert. The document pointed to by the URL may include an in-depth description of the attack, appropriate countermeasures, or other information deemed relevant by the vendor.
The source from which the name of the alert originates. The permitted values for this attribute are shown below. The default value is "unknown". (See also Section 10.)
Rank Keyword Description 0 unknown Origin of the name is not known 1 vendor-specific A vendor-specific name (and hence, URL); this can be used to provide product-specific information 2 user-specific A user-specific name (and hence, URL); this can be used to provide installation-specific information 3 bugtraqid The SecurityFocus ("Bugtraq") vulnerability database identifier (http://www.securityfocus.com/bid) 4 cve The Common Vulnerabilities and Exposures (CVE) name (http://cve.mitre.org/) 5 osvdb The Open Source Vulnerability Database (http://www.osvdb.org)
The meaning of the reference, as understood by the alert provider. This field is only valid if the value of theattribute is set to "vendor-specific" or "user-specific".