Impact

The Impact class allows for categorizing and describing the technical impact of the incident on the network of an organization.

digraph Impact { graph [rankdir=LR]; node [label="\N"]; graph [bb="0,0,234,128"]; Impact [label=<<table BORDER="0" CELLBORDER="1" CELLSPACING="0"> <tr > <td BGCOLOR="#993016" HREF="/idmef_parser/IODEF/Impact.html" TITLE="The Impact class allows for categorizing and describing the technical impact of the incident on the network of an organization. ">Impact</td> </tr>" %<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="A valid language code per RFC 4646 [7] constrained by the definition of &quot;xs:language&quot;. The interpretation of this code is described in Section 6.">[ENUM] lang (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.">[ENUM] severity (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="An indication whether the described activity was successful. The permitted values are shown below. There is no default value.">[ENUM] completion (Optional) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="Classifies the malicious activity into incident categories. The permitted values are shown below. The default value is &quot;other&quot;.">[ENUM] type (Required) </td></tr>%<tr><td BGCOLOR="#FF5024" HREF="/idmef_parser/IODEF/Impact.html" TITLE="A means by which to extend the type attribute. See Section 5.1.">[STRING] ext-type (Optional) </td></tr>%</table>>, shape=plaintext, pos="117,64", width="3.25", height="1.7917"]; }



Attributes

lang (Required)

A valid language code per RFC 4646 [7] constrained by the definition of "xs:language". The interpretation of this code is described in Section 6.

severity (Optional)

An estimate of the relative severity of the activity. The permitted values are shown below. There is no default value.
Rank Keyword Description
1 low Low severity
2 medium Medium severity
3 high High severity

completion (Optional)

An indication whether the described activity was successful. The permitted values are shown below. There is no default value.
Rank Keyword Description
1 failed The attempted activity was not successful.
2 succeeded The attempted activity succeeded.

type (Required)

Classifies the malicious activity into incident categories. The permitted values are shown below. The default value is "other".
Rank Keyword Description
1 admin Administrative privileges were attempted.
2 dos A denial of service was attempted.
3 file An action that impacts the integrity of a file or database was attempted.
4 info-leak An attempt was made to exfiltrate information.
5 misconfiguration An attempt was made to exploit a mis- configuration in a system.
6 policy Activity violating site's policy was attempted.
7 recon Reconnaissance activity was attempted.
8 social-engineering A social engineering attack was attempted.
9 user User privileges were attempted.
10 unknown The classification of this activity is unknown.
11 ext-value An escape value used to extend this attribute. See Section 5.1.

ext-type (Optional)

A means by which to extend the type attribute. See Section 5.1.


IDMEF


IODEF