IDMEF and IODEF

Impact

The Impact class allows for categorizing and describing the technical impact of the incident on the network of an organization.

digraph Impact {
	graph [bb="0,0,201,134",
		rankdir=LR
	];
	node [label="\N"];
	Impact	 [height=1.8611,
		label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/Impact.html" TITLE="The Impact class allows for categorizing and describing the technical impact of the incident on the network of an organization. ">Impact</td> </tr>" %<tr><td BGCOLOR="#FF5024"  HREF="/idmef_parser/IODEF/Impact.html" TITLE="A valid language code per RFC 4646 [7] constrained by the definition of &quot;xs:language&quot;.  The interpretation of this code is described in Section 6.">[ENUM] lang (Required) </td></tr>%<tr><td BGCOLOR="#FF5024"  HREF="/idmef_parser/IODEF/Impact.html" TITLE="An estimate of the relative severity of the activity.  The permitted values are shown below.  There is no default value.">[ENUM] severity (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024"  HREF="/idmef_parser/IODEF/Impact.html" TITLE="An indication whether the described activity was successful.  The permitted values are shown below.  There is no default value.">[ENUM] completion (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024"  HREF="/idmef_parser/IODEF/Impact.html" TITLE="Classifies the malicious activity into incident categories.  The permitted values are shown below.  The default value is &quot;other&quot;.">[ENUM] type (Required) </td></tr>%<tr><td BGCOLOR="#FF5024"  HREF="/idmef_parser/IODEF/Impact.html" TITLE="A means by which to extend the type attribute. See Section 5.1.">[STRING] ext-type (Optional) </td></tr>%</table>>,
		pos="100.5,67",
		shape=plaintext,
		width=2.7917];
}

Attributes

lang (Required)

A valid language code per RFC 4646 [7] constrained by the definition of "xs:language". The interpretation of this code is described in Section 6.

severity (Optional)

An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.

Rank	Keyword	Description
1	low	Low severity
2	medium	Medium severity
3	high	High severity

completion (Optional)

An indication whether the described activity was successful. The permitted values are shown below. There is no default value.

Rank	Keyword	Description
1	failed	The attempted activity was not successful.
2	succeeded	The attempted activity succeeded.

type (Required)

Classifies the malicious activity into incident categories. The permitted values are shown below. The default value is "other".

Rank	Keyword	Description
1	admin	Administrative privileges were attempted.
2	dos	A denial of service was attempted.
3	file	An action that impacts the integrity of a file or database was attempted.
4	info-leak	An attempt was made to exfiltrate information.
5	misconfiguration	An attempt was made to exploit a mis- configuration in a system.
6	policy	Activity violating site's policy was attempted.
7	recon	Reconnaissance activity was attempted.
8	social-engineering	A social engineering attack was attempted.
9	user	User privileges were attempted.
10	unknown	The classification of this activity is unknown.
11	ext-value	An escape value used to extend this attribute. See Section 5.1.

ext-type (Optional)

A means by which to extend the type attribute. See Section 5.1.