Assessment

The Assessment class describes the technical and non-technical repercussions of the incident on the CSIRT's constituency.

digraph Assessment { graph [rankdir=LR]; node [label="\N"]; graph [bb="0,0,556,698"]; Assessment [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/Assessment.html" TITLE="The Assessment class describes the technical and non-technical repercussions of the incident on the CSIRT&#39;s constituency. ">Assessment</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Assessment.html" TITLE="Specifies whether the assessment is describing actual or potential outcomes. The default is &quot;actual&quot; and is assumed if not specified.">[ENUM] occurrence (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Assessment.html" TITLE="This attribute is defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, shape=plaintext, pos="117,319", width="3.25", height="0.95833"]; Impact [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/Impact.html" TITLE="The Impact class allows for categorizing and describing the technical impact of the incident on the network of an organization. ">Impact</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="A valid language code per RFC 4646 [7] constrained by the definition of &quot;xs:language&quot;. The interpretation of this code is described in Section 6.">[ENUM] lang (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.">[ENUM] severity (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="An indication whether the described activity was successful. The permitted values are shown below. There is no default value.">[ENUM] completion (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="Classifies the malicious activity into incident categories. The permitted values are shown below. The default value is &quot;other&quot;.">[ENUM] type (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="A means by which to extend the type attribute. See Section 5.1.">[STRING] ext-type (Optional) </td></tr>%</table>>, shape=plaintext, pos="427,634", width="3.25", height="1.7917"]; TimeImpact [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/TimeImpact.html" TITLE="The TimeImpact class describes the impact of the incident on an organization as a function of time. It provides a way to convey down time and recovery time. ">TimeImpact</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/TimeImpact.html" TITLE="An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.">[ENUM] severity (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/TimeImpact.html" TITLE="Defines the metric in which the time is expressed. The permitted values are shown below. There is no default value.">[ENUM] metric (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/TimeImpact.html" TITLE="A means by which to extend the metric attribute. See Section 5.1.">[STRING] ext-metric (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/TimeImpact.html" TITLE="Defines a unit of time, that when combined with the metric attribute, fully describes a metric of impact that will be conveyed in the element content. The permitted values are shown below. The default value is &quot;hour&quot;.">[ENUM] duration (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/TimeImpact.html" TITLE="A means by which to extend the duration attribute. See Section 5.1.">[STRING] ext-duration (Optional) </td></tr>%</table>>, shape=plaintext, pos="427,488", width="3.5556", height="1.7917"]; MonetaryImpact [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/MonetaryImpact.html" TITLE="The MonetaryImpact class describes the financial impact of the activity on an organization. For example, this impact may consider losses due to the cost of the investigation or recovery, diminished ">MonetaryImpact</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/MonetaryImpact.html" TITLE="An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.">[ENUM] severity (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/MonetaryImpact.html" TITLE="Defines the currency in which the monetary impact is expressed. The permitted values are defined in ISO 4217:2001, Codes for the representation of currencies and funds [14]. There is no default value.">[STRING] currency (Required) </td></tr>%</table>>, shape=plaintext, pos="427,372", width="3.2222", height="0.95833"]; Counter [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/Counter.html" TITLE="The Counter class summarize multiple occurrences of some event, or conveys counts or rates on various features (e.g., packets, sessions, events). ">Counter</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Counter.html" TITLE="Specifies the units of the element content.">[ENUM] type (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Counter.html" TITLE="A means by which to extend the type attribute. See Section 5.1.">[STRING] ext-type (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Counter.html" TITLE="If present, the Counter class represents a rate rather than a count over the entire event. In that case, this attribute specifies the denominator of the rate (where the type attribute specified the nominator). The possible values of this attribute are defined in Section 3.10.2">[ENUM] duration (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Counter.html" TITLE="A means by which to extend the duration attribute. See Section 5.1.">[STRING] ext-duration (Optional) </td></tr>%</table>>, shape=plaintext, pos="427,266", width="3.5556", height="1.5139"]; Confidence [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/Confidence.html" TITLE="The Confidence class represents a best estimate of the validity and accuracy of the described impact (see Section 3.10) of the incident activity. This estimate can be expressed as a category or a numeric calculation. ">Confidence</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Confidence.html" TITLE="A rating of the analytical validity of the specified Assessment. The permitted values are shown below. There is no default value.">[ENUM] rating (Required) </td></tr>%</table>>, shape=plaintext, pos="427,170", width="2.8056", height="0.68056"]; AdditionalData [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a3d" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="The AdditionalData class serves as an extension mechanism for information not otherwise represented in the data model. For relatively simple information, atomic data types (e.g., integers, strings) are provided with a mechanism to annotate their meaning. The class can also be used to extend the data model (and the associated Schema) to support proprietary extensions by encapsulating entire XML documents conforming to another Schema (e.g., IDMEF). A detailed discussion for extending the data model and the schema can be found in Section 5. ">AdditionalData</td> </tr>" %<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="The data type of the element content. The permitted values for this attribute are shown below. The default value is &quot;string&quot;.">[ENUM] dtype (Required) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="A means by which to extend the dtype attribute. See Section 5.1.">[STRING] ext-dtype (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="A free-form description of the element content.">[STRING] meaning (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="An identifier referencing the format and semantics of the element content.">[STRING] formatid (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="This attribute has been defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, shape=plaintext, pos="427,64", width="3.2778", height="1.7917"]; Assessment -> Impact [label="0..*", pos="e,309.78,570.7 136.4,353.4 166.09,403.79 226.92,498.43 298,561 299.29,562.14 300.61,563.27 301.94,564.39", lp="266,546.5"]; Assessment -> TimeImpact [label="0..*", pos="e,309.49,423.94 179.73,353.2 214.5,372.15 259.01,396.42 300.66,419.12", lp="266,411.5"]; Assessment -> MonetaryImpact [label="0..*", pos="e,310.41,352.07 234.2,339.04 255.83,342.74 278.51,346.61 300.41,350.36", lp="266,353.5"]; Assessment -> Counter [label="0..*", pos="e,298.49,287.97 234.2,298.96 251.92,295.93 270.34,292.78 288.46,289.69", lp="266,303.5"]; Assessment -> Confidence [label="0..1", pos="e,325.94,192.51 161.22,284.92 196.54,259.17 248.2,224.66 298,203 303.84,200.46 309.92,198.08 316.12,195.87", lp="266,231.5"]; Assessment -> AdditionalData [label="0..*", pos="e,310.35,128 145.96,284.67 179.83,245.83 238.83,182.13 298,137 299.37,135.95 300.76,134.91 302.16,133.88", lp="266,180.5"]; }


Aggregates

Impact (0..*)

Technical impact of the incident on a network.

TimeImpact (0..*)

Impact of the activity measured with respect to time.

MonetaryImpact (0..*)

Impact of the activity measured with respect to financial loss.

Counter (0..*)

A counter with which to summarize the magnitude of the activity.

Confidence (0..1)

An estimate of confidence in the assessment.

AdditionalData (0..*)

A mechanism by which to extend the data model.

Attributes

occurrence (Optional)

Specifies whether the assessment is describing actual or potential outcomes. The default is "actual" and is assumed if not specified.
Rank Keyword Description
1 actual This assessment describes activity that has occurred.
2 potential This assessment describes potential activity that might occur.

restriction (Optional)

This attribute is defined in Section 3.2.


IDMEF


IODEF