Action

The Action class is used to describe any actions taken by the analyzer in response to the event. It is represented in the IDMEF DTD as follows:

[Diagram: the Action class, with a single attribute: category (ENUM).]



Attributes

category

The default value is "other". (See also Section 10.)

| Rank | Keyword | Description |
|------|---------|-------------|
| 0 | block-installed | A block of some sort was installed to prevent an attack from reaching its destination. The block could be a port block, address block, etc., or disabling a user account. |
| 1 | notification-sent | A notification message of some sort was sent out-of-band (via pager, e-mail, etc.). Does not include the transmission of this alert. |
| 2 | taken-offline | A system, computer, or user was taken offline, as when the computer is shut down or a user is logged off. |
| 3 | other | Anything not in one of the above categories. |
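
As an added example (not part of the original page), the following Python reads the Action elements of an IDMEF message, applies the default category "other" when the attribute is absent, and flags keywords outside the enumeration above. Assumptions: the namespace URI and the Alert/Assessment nesting are taken from RFC 4765, the sample alert is constructed, and `parse_actions` is a hypothetical name.

```python
import xml.etree.ElementTree as ET

IDMEF_NS = "http://iana.org/idmef"  # IDMEF namespace per RFC 4765 (assumption: not shown on this page)

# Keyword -> rank, copied from the category table above.
CATEGORY_RANK = {
    "block-installed": 0,
    "notification-sent": 1,
    "taken-offline": 2,
    "other": 3,
}
DEFAULT_CATEGORY = "other"

# Constructed sample: a trimmed alert holding only the elements needed here.
SAMPLE_ALERT = """\
<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
  <idmef:Alert messageid="constructed-1">
    <idmef:Assessment>
      <idmef:Action category="block-installed">Source address blocked</idmef:Action>
      <idmef:Action>Ticket opened</idmef:Action>
      <idmef:Action category="quarantined">Host isolated</idmef:Action>
    </idmef:Assessment>
  </idmef:Alert>
</idmef:IDMEF-Message>
"""


def parse_actions(xml_text):
    """Return one dict per Action element, in document order (hypothetical helper)."""
    if "<!ENTITY" in xml_text:
        # Alerts arrive from remote analyzers, so inline entity
        # declarations are refused before the text reaches the parser.
        raise ValueError("entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    actions = []
    for element in root.iter("{%s}Action" % IDMEF_NS):
        category = element.get("category", DEFAULT_CATEGORY)
        actions.append({
            "category": category,
            "rank": CATEGORY_RANK.get(category),  # None when outside the enumeration
            "valid": category in CATEGORY_RANK,
            "description": (element.text or "").strip(),
        })
    return actions


if __name__ == "__main__":
    for action in parse_actions(SAMPLE_ALERT):
        print(action)
```
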

