Service

The Service class describes network services on sources and targets. It can identify services by name, port, and protocol. When Service occurs as an aggregate class of Source, it is understood that the service is one from which activity of interest is originating; and that the service is "attached" to the Node, Process, and User information also contained in Source. Likewise, when Service occurs as an aggregate class of Target, it is understood that the service is one to which activity of interest is being directed; and that the service is "attached" to the Node, Process, and User information also contained in Target. If Service occurs in both Source and Target, then information in both locations should be the same. If information is the same in both locations and implementers wish to carry it in only one location, they should specify it as an aggregate of the Target class.

digraph Service { graph [rankdir=LR]; node [label="\N"]; graph [bb="0,0,692,314"]; Service [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a7a" HREF="/idmef_parser/IDMEF/Service.html" TITLE="The Service class describes network services on sources and targets. It can identify services by name, port, and protocol. When Service occurs as an aggregate class of Source, it is understood that the service is one from which activity of interest is originating; and that the service is &quot;attached&quot; to the Node, Process, and User information also contained in Source. Likewise, when Service occurs as an aggregate class of Target, it is understood that the service is one to which activity of interest is being directed; and that the service is &quot;attached&quot; to the Node, Process, and User information also contained in Target. If Service occurs in both Source and Target, then information in both locations should be the same. If information is the same in both locations and implementers wish to carry it in only one location, they should specify it as an aggregate of the Target class. ">Service</td> </tr>" %<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="The name of the service. Whenever possible, the name from the IANA list of well-known ports SHOULD be used.">[STRING] name (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="The port number being used.">[INTEGER] port (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="A list of port numbers being used; see Section 3.2.8 for formatting rules. If a portlist is given, the iana_protocol_number and iana_protocol_name MUST apply to all the elements of the list.">[PORTLIST] portlist (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="Additional information about the protocol being used. The intent of the protocol field is to carry additional information related to the protocol being used when the &lt;Service&gt; attributes iana_protocol_number or/and iana_protocol_name are filed.">[STRING] protocol (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="A unique identifier for the service; see Section 3.2.9.">[STRING] ident (Optional) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="The IP version number.">[INTEGER] ip_version (Optional) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="The IANA protocol number.">[INTEGER] iana_protocol_number (Optional) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/Service.html" TITLE="The IANA protocol name.">[STRING] iana_protocol_name (Optional) </td></tr>%</table>>, shape=plaintext, pos="167,177", width="4.6111", height="2.625"]; WebService [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a7a" HREF="/idmef_parser/IDMEF/WebService.html" TITLE="The WebService class carries additional information related to web traffic. ">WebService</td> </tr>" %<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/WebService.html" TITLE="The URL in the request.">[STRING] url (1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/WebService.html" TITLE="The CGI script in the request, without arguments.">[STRING] cgi (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/WebService.html" TITLE="The HTTP method (PUT, GET) used in the request.">[STRING] http-method (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/WebService.html" TITLE="The arguments to the CGI script.">[STRING] arg (0..*) </td></tr>%</table>>, shape=plaintext, pos="531,260", width="3.1389", height="1.5139"]; SNMPService [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a7a" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The SNMPService class carries additional information related to SNMP traffic. The aggregate classes composing SNMPService must be interpreted as described in RFC 3411 [15] and RFC 3584 [16]. ">SNMPService</td> </tr>" %<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The object identifier in the request.">[STRING] oid (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The SNMP version, typically 0 for SNMPv1, 1 for SNMPv2c, 2 for SNMPv2u and SNMPv2*, and 3 for SNMPv3; see RFC 3411 [15] Section 5 for appropriate values.">[INTEGER] messageProcessingModel (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The identification of the security model in use, typically 0 for any, 1 for SNMPv1, 2 for SNMPv2c, and 3 for USM; see RFC 3411 [15] Section 5 for appropriate values.">[INTEGER] securityModel (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The object&#39;s security name; see RFC 3411 [15] Section 3.2.2.">[STRING] securityName (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The security level of the SNMP request; see RFC 3411 [15] Section 3.4.3.">[INTEGER] securityLevel (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The object&#39;s context name; see RFC 3411 [15] Section 3.3.3.">[STRING] contextName (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The object&#39;s context engine identifier; see RFC 3411 [15] Section 3.3.2.">[STRING] contextEngineID (0..1) </td></tr>%<tr><td BGCOLOR="#FFCCCC" HREF="/idmef_parser/IDMEF/SNMPService.html" TITLE="The command sent to the SNMP server (GET, SET, etc.).">[STRING] command (0..1) </td></tr>%</table>>, shape=plaintext, pos="531,94", width="4.4444", height="2.625"]; Service -> WebService [dir=back, arrowtail=invempty, pos="s,333.55,214.98 343.61,217.27 368.88,223.03 394.29,228.83 417.89,234.21"]; Service -> SNMPService [dir=back, arrowtail=invempty, pos="s,333.55,139.02 343.34,136.79 352.37,134.73 361.42,132.67 370.4,130.62"]; }


Childs

WebService

SNMPService

Aggregates

name (0..1)

The name of the service. Whenever possible, the name from the IANA list of well-known ports SHOULD be used.

port (0..1)

The port number being used.

portlist (0..1)

A list of port numbers being used; see Section 3.2.8 for formatting rules. If a portlist is given, the iana_protocol_number and iana_protocol_name MUST apply to all the elements of the list.

protocol (0..1)

Additional information about the protocol being used. The intent of the protocol field is to carry additional information related to the protocol being used when the attributes iana_protocol_number or/and iana_protocol_name are filed.

Attributes

ident (Optional)

A unique identifier for the service; see Section 3.2.9.

ip_version (Optional)

The IP version number.

iana_protocol_number (Optional)

The IANA protocol number.

iana_protocol_name (Optional)

The IANA protocol name.


IDMEF


IODEF