The Method class describes the methodology used by the intruder to perpetrate the events of the incident. This class consists of a list of references describing the attack method and a free form description of the technique.
digraph Method { graph [bb="0,0,507,244", rankdir=LR ]; node [label="\N"]; Method [height=0.98611, label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#5c3d1f" HREF="/idmef_parser/IODEF/Method.html" TITLE="The Method class describes the methodology used by the intruder to perpetrate the events of the incident. This class consists of a list of references describing the attack method and a free form description of the technique. ">Method</td> </tr>" %<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IODEF/Method.html" TITLE="A free-form text description of the methodology used by the intruder.">[ML_STRING] Description (0..*) </td></tr>%<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IODEF/Method.html" TITLE="This attribute is defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, pos="106,132", shape=plaintext, width=2.9444]; Reference [height=1.2778, label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#5c3d1f" HREF="/idmef_parser/IODEF/Reference.html" TITLE="The Reference class is a reference to a vulnerability, IDS alert, malware sample, advisory, or attack technique. A reference consists of a name, a URL to this reference, and an optional description. ">Reference</td> </tr>" %<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IODEF/Reference.html" TITLE="Name of the reference.">[ML_STRING] ReferenceName (1..1) </td></tr>%<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IODEF/Reference.html" TITLE="A URL associated with the reference.">[URL] URL (0..*) </td></tr>%<tr><td BGCOLOR="#996633" HREF="/idmef_parser/IODEF/Reference.html" TITLE="A free-form text description of this reference.">[ML_STRING] Description (0..*) </td></tr>%</table>>, pos="388.5,198", shape=plaintext, width=3.2917]; Method -> Reference [label="0..*", lp="241,172.5", pos="e,269.89,170.33 212.25,156.76 227.82,160.43 244.02,164.24 259.99,168"]; AdditionalData [height=1.8611, label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a3d" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="The AdditionalData class serves as an extension mechanism for information not otherwise represented in the data model. For relatively simple information, atomic data types (e.g., integers, strings) are provided with a mechanism to annotate their meaning. The class can also be used to extend the data model (and the associated Schema) to support proprietary extensions by encapsulating entire XML documents conforming to another Schema (e.g., IDMEF). A detailed discussion for extending the data model and the schema can be found in Section 5. ">AdditionalData</td> </tr>" %<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="The data type of the element content. The permitted values for this attribute are shown below. The default value is "string".">[ENUM] dtype (Required) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="A means by which to extend the dtype attribute. See Section 5.1.">[STRING] ext-dtype (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="A free-form description of the element content.">[STRING] meaning (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="An identifier referencing the format and semantics of the element content.">[STRING] formatid (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="This attribute has been defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, pos="388.5,67", shape=plaintext, width=2.7639]; Method -> AdditionalData [label="0..*", lp="241,110.5", pos="e,288.62,89.913 212.25,107.61 233.95,102.58 256.85,97.276 278.68,92.217"]; }
A reference to a vulnerability, malware sample, advisory, or analysis of an attack technique.
A free-form text description of the methodology used by the intruder.
A mechanism by which to extend the data model.
This attribute is defined in Section 3.2.