RecordData

The RecordData class groups log or audit data from a given sensor (e.g., IDS, firewall log) and provides a way to annotate the output.

[Class diagram: RecordData, carrying DateTime (0..1), Description (0..*) and the restriction attribute, aggregates Application (0..1), RecordPattern (0..*), RecordItem (1..*) and AdditionalData (0..1); each aggregated class links to its own reference page.]


Aggregates

DateTime (0..1)

Timestamp of the RecordItem data.

Description (0..*)

Free-form textual description of the provided RecordItem data. At minimum, this description should convey the significance of the provided RecordItem data.

Application (0..1)

Information about the sensor used to generate the RecordItem data.

RecordPattern (0..*)

A search string to precisely find the relevant data in a RecordItem.

RecordItem (1..*)

Log, audit, or forensic data.

AdditionalData (0..1)

An extension mechanism for data not explicitly represented in the data model.

Attributes

restriction (Optional)

This attribute has been defined in Section 3.2.
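As an added example (not part of this reference page or of any IODEF implementation), the following Python checks a RecordData element against the aggregate cardinalities listed above and then applies a regex RecordPattern, honouring its offset (in lines) and instance attributes, to the content of a RecordItem. It assumes the RFC 5070 IODEF namespace, reads instance as the number of matches to keep, and uses constructed firewall log lines as the RecordItem data.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the IODEF v1 (RFC 5070) namespace; the page itself does not name it.
NS = "urn:ietf:params:xml:ns:iodef-1.0"
# Cardinalities of the RecordData aggregates as listed on this page: (min, max), None = unbounded.
CARDINALITY = {"DateTime": (0, 1), "Description": (0, None), "Application": (0, 1),
               "RecordPattern": (0, None), "RecordItem": (1, None), "AdditionalData": (0, 1)}

# Constructed sample: five firewall log lines wrapped in a RecordData element.
SAMPLE = f"""<RecordData xmlns="{NS}" restriction="need-to-know">
  <DateTime>2024-01-15T10:02:03Z</DateTime>
  <Description>Firewall denies attributed to the suspect host</Description>
  <RecordPattern type="regex" offset="2" offsetunit="line" instance="1">DENY src=192\\.0\\.2\\.10</RecordPattern>
  <RecordItem dtype="string">2024-01-15T10:00:01Z ALLOW src=198.51.100.5 dst=192.0.2.1 dport=443
2024-01-15T10:01:02Z DENY src=192.0.2.10 dst=192.0.2.1 dport=22
2024-01-15T10:02:03Z DENY src=192.0.2.10 dst=192.0.2.1 dport=23
2024-01-15T10:02:04Z DENY src=192.0.2.10 dst=192.0.2.1 dport=445
2024-01-15T10:02:05Z DENY src=203.0.113.7 dst=192.0.2.1 dport=22</RecordItem>
</RecordData>"""

def check_cardinality(record_data):
    """Return violations of the aggregate cardinalities listed on this page."""
    problems = []
    for name, (lo, hi) in CARDINALITY.items():
        n = len(record_data.findall(f"{{{NS}}}{name}"))
        if n < lo or (hi is not None and n > hi):
            problems.append(f"{name}: found {n}, expected {lo}..{'*' if hi is None else hi}")
    return problems

def apply_pattern(pattern, item):
    """Return the RecordItem lines a regex RecordPattern selects, honouring offset and instance."""
    if pattern.get("type", "regex") != "regex" or pattern.get("offsetunit", "line") != "line":
        raise ValueError("only regex patterns with line offsets are handled here")
    offset = int(pattern.get("offset", "0"))              # lines to skip before matching
    instance = int(pattern.get("instance", "0")) or None  # assumption: matches to keep; 0/absent = all
    regex = re.compile(pattern.text)
    hits = [ln for ln in item.text.splitlines()[offset:] if regex.search(ln)]
    return hits[:instance]

def extract(xml_text):
    """Validate a RecordData element and return the lines each RecordPattern selects from each RecordItem."""
    root = ET.fromstring(xml_text)
    problems = check_cardinality(root)
    if problems:
        raise ValueError("; ".join(problems))
    items = root.findall(f"{{{NS}}}RecordItem")
    return [apply_pattern(p, i) for p in root.findall(f"{{{NS}}}RecordPattern") for i in items]
```

A document with two DateTime children or no RecordItem is rejected before any pattern is applied, mirroring the 0..1 and 1..* limits above.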
