HistoryItem

The HistoryItem class is an entry in the History (Section 3.11) log that documents a particular action or event that occurred in the course of handling the incident. The details of the entry are a free-form description, but each can be categorized with the type attribute.

digraph HistoryItem { graph [rankdir=LR]; node [label="\N"]; graph [bb="0,0,886,468"]; HistoryItem [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#006a30" HREF="/idmef_parser/IODEF/HistoryItem.html" TITLE="The HistoryItem class is an entry in the History (Section 3.11) log that documents a particular action or event that occurred in the course of handling the incident. The details of the entry are a free-form description, but each can be categorized with the type attribute. ">HistoryItem</td> </tr>" %<tr><td BGCOLOR="#00B050" HREF="/idmef_parser/IODEF/HistoryItem.html" TITLE="Timestamp of this entry in the history log (e.g., when the action described in the Description was taken).">[] DateTime (1..1) </td></tr>%<tr><td BGCOLOR="#00B050" HREF="/idmef_parser/IODEF/HistoryItem.html" TITLE="A free-form textual description of the action or event.">[ML_STRING] Description (0..*) </td></tr>%<tr><td BGCOLOR="#00B050" HREF="/idmef_parser/IODEF/HistoryItem.html" TITLE="This attribute has been defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%<tr><td BGCOLOR="#00B050" HREF="/idmef_parser/IODEF/HistoryItem.html" TITLE="Classifies a performed action or occurrence documented in this history log entry. As activity will likely have been instigated either through a previously conveyed expectation or internal investigation, this attribute is identical to the category attribute of the Expectation class. The difference is only one of tense. When an action is in this class, it has been completed. See Section 3.13.">[ENUM] action (Required) </td></tr>%<tr><td BGCOLOR="#00B050" HREF="/idmef_parser/IODEF/HistoryItem.html" TITLE="A means by which to extend the action attribute. See Section 5.1.">[STRING] ext-action (Optional) </td></tr>%</table>>, shape=plaintext, pos="122,213", width="3.3611", height="1.7917"]; IncidentID [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#5c7a00" HREF="/idmef_parser/IODEF/IncidentID.html" TITLE="The IncidentID class represents an incident tracking number that is unique in the context of the CSIRT and identifies the activity characterized in an IODEF Document. This identifier would serve as an index into the CSIRT incident handling system. The combination of the name attribute and the string in the element content MUST be a globally unique identifier describing the activity. Documents generated by a given CSIRT MUST NOT reuse the same value unless they are referencing the same incident. ">IncidentID</td> </tr>" %<tr><td BGCOLOR="#99CC00" HREF="/idmef_parser/IODEF/IncidentID.html" TITLE="An identifier describing the CSIRT that created the document. In order to have a globally unique CSIRT name, the fully qualified domain name associated with the CSIRT MUST be used.">[STRING] name (Required) </td></tr>%<tr><td BGCOLOR="#99CC00" HREF="/idmef_parser/IODEF/IncidentID.html" TITLE="An identifier referencing a subset of the named incident.">[STRING] instance (Optional) </td></tr>%<tr><td BGCOLOR="#99CC00" HREF="/idmef_parser/IODEF/IncidentID.html" TITLE="This attribute has been defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, shape=plaintext, pos="439,424", width="3.1667", height="1.2361"]; Contact [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#7a993d" HREF="/idmef_parser/IODEF/Contact.html" TITLE="The Contact class describes contact information for organizations and personnel involved in the incident. This class allows for the naming of the involved party, specifying contact information for them, and identifying their role in the incident. ">Contact</td> </tr>" %<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="The name of the contact. The contact may either be an organization or a person. The type attribute disambiguates the semantics.">[ML_STRING] ContactName (0..1) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="A free-form description of this contact. In the case of a person, this is often the organizational title of the individual.">[ML_STRING] Description (0..*) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="The telephone number of the contact.">[] Telephone (0..*) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="The facsimile telephone number of the contact.">[] Fax (0..1) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="The timezone in which the contact resides formatted according to Section 2.9.">[TIMEZONE] Timezone (0..1) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="Indicates the role the contact fulfills. This attribute is defined as an enumerated list:">[ENUM] role (Required) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="A means by which to extend the role attribute. See Section 5.1.">[STRING] ext-role (Optional) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="Indicates the type of contact being described. This attribute is defined as an enumerated list:">[ENUM] type (Required) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="A means by which to extend the type attribute. See Section 5.1.">[STRING] ext-type (Optional) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Contact.html" TITLE="This attribute is defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, shape=plaintext, pos="439,213", width="3.6111", height="3.1806"]; RegistryHandle [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#7a993d" HREF="/idmef_parser/IODEF/RegistryHandle.html" TITLE="The RegistryHandle class represents a handle into an Internet registry or community-specific database. The handle is specified in the element content and the type attribute specifies the database. ">RegistryHandle</td> </tr>" %<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/RegistryHandle.html" TITLE="The database to which the handle belongs. The default value is &#39;local&#39;. The possible values are:">[ENUM] registry (Required) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/RegistryHandle.html" TITLE="A means by which to extend the registry attribute. See Section 5.1.">[STRING] ext-registry (Optional) </td></tr>%</table>>, shape=plaintext, pos="760,332", width="3.5", height="0.95833"]; PostalAddress [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#7a993d" HREF="/idmef_parser/IODEF/PostalAddress.html" TITLE="The PostalAddress class specifies a postal address formatted according to the POSTAL data type (Section 2.11). ">PostalAddress</td> </tr>" %<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/PostalAddress.html" TITLE="A free-form description of the element content.">[ENUM] meaning (Optional) </td></tr>%<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/PostalAddress.html" TITLE="A valid language code per RFC 4646 [7] constrained by the definition of &quot;xs:language&quot;. The interpretation of this code is described in Section 6.">[ENUM] lang (Required) </td></tr>%</table>>, shape=plaintext, pos="760,246", width="3.0278", height="0.95833"]; Email [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#7a993d" HREF="/idmef_parser/IODEF/Email.html" TITLE="The Email class specifies an email address formatted according to EMAIL data type (Section 2.14). ">Email</td> </tr>" %<tr><td BGCOLOR="#CCFF66" HREF="/idmef_parser/IODEF/Email.html" TITLE="A free-form description of the element content (e.g., hours of coverage for a given number).">[ENUM] meaning (Optional) </td></tr>%</table>>, shape=plaintext, pos="760,170", width="3.0278", height="0.68056"]; AdditionalData [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#997a3d" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="The AdditionalData class serves as an extension mechanism for information not otherwise represented in the data model. For relatively simple information, atomic data types (e.g., integers, strings) are provided with a mechanism to annotate their meaning. The class can also be used to extend the data model (and the associated Schema) to support proprietary extensions by encapsulating entire XML documents conforming to another Schema (e.g., IDMEF). A detailed discussion for extending the data model and the schema can be found in Section 5. ">AdditionalData</td> </tr>" %<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="The data type of the element content. The permitted values for this attribute are shown below. The default value is &quot;string&quot;.">[ENUM] dtype (Required) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="A means by which to extend the dtype attribute. See Section 5.1.">[STRING] ext-dtype (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="A free-form description of the element content.">[STRING] meaning (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="An identifier referencing the format and semantics of the element content.">[STRING] formatid (Optional) </td></tr>%<tr><td BGCOLOR="#FFCC66" HREF="/idmef_parser/IODEF/AdditionalData.html" TITLE="This attribute has been defined in Section 3.2.">[ENUM] restriction (Optional) </td></tr>%</table>>, shape=plaintext, pos="760,64", width="3.2778", height="1.7917"]; HistoryItem -> IncidentID [label="0..1", pos="e,324.32,380.18 186.88,277.1 220.92,308.31 264.5,344.67 308,371 310.46,372.49 312.97,373.95 315.52,375.39", lp="276,364.5"]; Contact -> RegistryHandle [label="0..*", pos="e,659.11,298 569.56,264.77 591.03,273.03 613.1,281.36 634,289 639.09,290.86 644.3,292.74 649.57,294.62", lp="602,289.5"]; Contact -> PostalAddress [label="0..1", pos="e,650.85,234.78 569.56,226.42 593.07,228.84 617.47,231.35 640.65,233.73", lp="602,238.5"]; Contact -> Email [label="0..*", pos="e,650.85,184.62 569.56,195.51 593.07,192.36 617.47,189.09 640.65,185.99", lp="602,200.5"]; Contact -> Contact [label="0..*", pos="e,463.56,327.05 414.44,327.05 419.42,338.04 427.61,345 439,345 447.01,345 453.43,341.56 458.28,335.7", lp="439,353.5"]; Contact -> AdditionalData [label="0..*", pos="e,641.44,119.03 569.56,152.4 590.28,142.78 611.68,132.85 632.33,123.26", lp="602,150.5"]; HistoryItem -> Contact [label="0..1", pos="e,308.46,213 243.65,213 261.55,213 280.12,213 298.36,213", lp="276,221.5"]; HistoryItem -> AdditionalData [label="0..*", pos="e,641.35,46.836 186.16,148.75 219.52,119.79 262.73,88.636 308,73 412.51,36.905 538.86,37.808 631.38,45.921", lp="439,81.5"]; }


Aggregates

DateTime (1..1)

Timestamp of this entry in the history log (e.g., when the action described in the Description was taken).

IncidentID (0..1)

In a history log created by multiple parties, the IncidentID provides a mechanism to specify which CSIRT created a particular entry and references this organization's incident tracking number. When a single organization is maintaining the log, this class can be ignored.

Contact (0..1)

Provides contact information for the person that performed the action documented in this class.

Description (0..*)

A free-form textual description of the action or event.

AdditionalData (0..*)

A mechanism by which to extend the data model.

Attributes

restriction (Optional)

This attribute has been defined in Section 3.2.

action (Required)

Classifies a performed action or occurrence documented in this history log entry. As activity will likely have been instigated either through a previously conveyed expectation or internal investigation, this attribute is identical to the category attribute of the Expectation class. The difference is only one of tense. When an action is in this class, it has been completed. See Section 3.13.

ext-action (Optional)

A means by which to extend the action attribute. See Section 5.1.


IDMEF


IODEF