The Intrusion Detection Message Exchange Format (IDMEF)
Author(s): H. Debar, D. Curry, B. Feinstein
RFC 4765 The IDMEF March 2007
   The aggregate classes that make up Service are:

   name
      Zero or one.  STRING.  The name of the service.  Whenever
      possible, the name from the IANA list of well-known ports SHOULD
      be used.

   port
      Zero or one.  INTEGER.  The port number being used.

   portlist
      Zero or one.  PORTLIST.  A list of port numbers being used; see
      Section 3.2.8 for formatting rules.  If a portlist is given, the
      iana_protocol_number and iana_protocol_name MUST apply to all the
      elements of the list.

   protocol
      Zero or one.  STRING.  Additional information about the protocol
      being used.  The intent of the protocol field is to carry
      additional information related to the protocol being used when the
      <Service> attributes iana_protocol_number and/or
      iana_protocol_name are filled.

   A Service MUST be specified as either (a) a name or a port or (b) a
   portlist.  The protocol is optional in all cases, but no other
   combinations are permitted.

   Service is represented in the IDMEF DTD as follows:

   <!ELEMENT Service (
       (((name, port?) | (port, name?)) | portlist), protocol?,
       SNMPService?, WebService?
     )>
   <!ATTLIST Service
       ident                 CDATA    '0'
       ip_version            CDATA    #IMPLIED
       iana_protocol_number  CDATA    #IMPLIED
       iana_protocol_name    CDATA    #IMPLIED
       %attlist.global;
     >
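Added example (not part of RFC 4765): a consumer-side check that a received Service element obeys the content model above before its fields are trusted by correlation or alerting logic. The function names, the sample fragments, the decimal-only port check and the PORTLIST pattern (this example's reading of Section 3.2.8) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Child order allowed by the Service DTD, matched against space-joined child names.
CONTENT_MODEL = re.compile(
    r"(?:name(?: port)?|port(?: name)?|portlist)"
    r"(?: protocol)?(?: SNMPService)?(?: WebService)?"
)
# Assumed PORTLIST syntax (this example's reading of Section 3.2.8):
# comma-separated port numbers and N-M ranges, no whitespace.
PORTLIST = re.compile(r"[0-9]+(?:-[0-9]+)?(?:,[0-9]+(?:-[0-9]+)?)*")


def local(tag):
    """Strip an XML namespace such as '{uri}port' down to 'port'."""
    return tag.rsplit("}", 1)[-1]


def check_service(service):
    """Return a list of violations for one Service element; empty means valid."""
    problems = []
    names = [local(child.tag) for child in service]
    if not CONTENT_MODEL.fullmatch(" ".join(names)):
        problems.append("content model: %s" % (",".join(names) or "empty"))
    for child in service:
        tag, text = local(child.tag), (child.text or "").strip()
        # Simplification: only decimal port values are accepted here.
        if tag == "port" and not re.fullmatch(r"[0-9]+", text):
            problems.append("port is not an integer: %r" % text)
        if tag == "portlist" and not PORTLIST.fullmatch(text):
            problems.append("malformed portlist: %r" % text)
    return problems


def check_xml(fragment):
    """Parse a trusted, constructed fragment; untrusted input needs a hardened parser."""
    return check_service(ET.fromstring(fragment))


# Constructed sample fragments, not taken from the RFC.
SAMPLES = [
    "<Service><name>http</name><port>80</port></Service>",
    "<Service><port>22</port><name>ssh</name><protocol>SSHv2</protocol></Service>",
    "<Service><portlist>5-25,37,42</portlist></Service>",
    "<Service><name>http</name><portlist>80,8080</portlist></Service>",
    "<Service><protocol>tcp</protocol></Service>",
    "<Service><portlist>80;443</portlist></Service>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_xml(sample) or "valid", "<-", sample)
```

The first three samples pass; the last three are rejected for mixing name with portlist, for carrying only a protocol, and for a malformed port list.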
Debar, et al. Experimental [Page 62]