RecordItem
The RecordItem class provides a way to incorporate relevant logs, audit trails, or forensic data to support the conclusions made during the course of analyzing the incident. The class supports both the direct encapsulation of the data, as well as, provides primitives to reference data stored elsewhere.
digraph RecordItem { graph [bb="0,0,199,134", rankdir=LR ]; node [label="\N"]; RecordItem [height=1.8611, label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a00" HREF="/idmef_parser/IODEF/RecordItem.html" TITLE="The RecordItem class provides a way to incorporate relevant logs, audit trails, or forensic data to support the conclusions made during the course of analyzing the incident. The class supports both the direct encapsulation of the data, as well as, provides primitives to reference data stored elsewhere. ">RecordItem</td> </tr>" %<tr><td BGCOLOR="#ffcc00" HREF="/idmef_parser/IODEF/RecordItem.html" TITLE="The data type of the element content. The permitted values for this attribute are shown below. The default value is "string".">[ENUM] dtype (Required) </td></tr>%<tr><td BGCOLOR="#ffcc00" HREF="/idmef_parser/IODEF/RecordItem.html" TITLE="A means by which to extend the dtype attribute. See Section 5.1.">[STRING] ext-dtype (Optional) </td></tr>%<tr><td BGCOLOR="#ffcc00" HREF="/idmef_parser/IODEF/RecordItem.html" TITLE="A free-form description of the element content.">[STRING] meaning (Optional) </td></tr>%<tr><td BGCOLOR="#ffcc00" HREF="/idmef_parser/IODEF/RecordItem.html" TITLE="An identifier referencing the format and semantics of the element content.">[STRING] formatid (Optional) </td></tr>%<tr><td BGCOLOR="#ffcc00" HREF="/idmef_parser/IODEF/RecordItem.html" TITLE="This attribute has been defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, pos="99.5,67", shape=plaintext, width=2.7639]; }
Attributes
dtype (Required)
The data type of the element content. The permitted values for this attribute are shown below. The default value is "string".
Rank Keyword Description 1 boolean The element content is of type BOOLEAN. 2 byte The element content is of type BYTE. 3 character The element content is of type CHARACTER. 4 date-time The element content is of type DATETIME. 5 integer The element content is of type INTEGER. 6 portlist The element content is of type PORTLIST. 7 real The element content is of type REAL. 8 string The element content is of type STRING. 9 file The element content is a base64 encoded binary file encoded as a BYTE[] type. 10 frame The element content is a layer-2 frame encoded as a HEXBIN type. 11 packet The element content is a layer-3 packet encoded as a HEXBIN type. 12 ipv4-packet The element content is an IPv4 packet encoded as a HEXBIN type. 13 ipv6-packet The element content is an IPv6 packet encoded as a HEXBIN type. 14 path The element content is a file-system path encoded as a STRING type. 15 url The element content is of type URL. 16 csv The element content is a common separated value (CSV) list per Section 2 of [20] encoded as a STRING type. 17 winreg The element content is a Windows registry key encoded as a STRING type. 18 xml The element content is XML (see Section 5). 19 ext-value An escape value used to extend this attribute. See Section 5.1.
ext-dtype (Optional)
A means by which to extend the dtype attribute. See Section 5.1.
meaning (Optional)
A free-form description of the element content.
formatid (Optional)
An identifier referencing the format and semantics of the element content.
restriction (Optional)
This attribute has been defined in Section 3.2.