LibPrelude IDMEF paths

This page lists all the fields available in LibPrelude, together with the IDMEF path used to address each one. Sections are grouped by the IDMEF class they belong to; a `()` after a component (for example `analyzer()`, `source()`, `address()`) marks a list element, which is why the same Node/Address, Process, User/UserId and Service groups appear once per parent.

Alert

  • alert.tool_alert.name
  • alert.tool_alert.command
  • alert.tool_alert.alertident.alertident
  • alert.tool_alert.alertident.analyzerid STRING
  • alert.correlation_alert.name
  • alert.correlation_alert.alertident.alertident
  • alert.correlation_alert.alertident.analyzerid STRING
  • alert.overflow_alert.program
  • alert.overflow_alert.size
  • alert.overflow_alert.buffer

Time

  • alert.analyzer_time
  • alert.create_time
  • alert.detect_time

Analyzer

  • alert.analyzer().analyzerid
  • alert.analyzer().name
  • alert.analyzer().manufacturer
  • alert.analyzer().model
  • alert.analyzer().version
  • alert.analyzer().class
  • alert.analyzer().ostype
  • alert.analyzer().osversion

Node/Address

  • alert.analyzer().node.ident
  • alert.analyzer().node.category
  • alert.analyzer().node.location
  • alert.analyzer().node.name
  • alert.analyzer().node.address().ident
  • alert.analyzer().node.address().category
  • alert.analyzer().node.address().vlan_name
  • alert.analyzer().node.address().vlan_num
  • alert.analyzer().node.address().address
  • alert.analyzer().node.address().netmask

Process

  • alert.analyzer().process.ident
  • alert.analyzer().process.name
  • alert.analyzer().process.pid
  • alert.analyzer().process.path
  • alert.analyzer().process.arg
  • alert.analyzer().process.env

Source

  • alert.source().ident
  • alert.source().spoofed
  • alert.source().interface

Node/Address

  • alert.source().node.ident
  • alert.source().node.category
  • alert.source().node.location
  • alert.source().node.name
  • alert.source().node.address().ident
  • alert.source().node.address().category
  • alert.source().node.address().vlan_name
  • alert.source().node.address().vlan_num
  • alert.source().node.address().address
  • alert.source().node.address().netmask

Process

  • alert.source().process.ident
  • alert.source().process.name
  • alert.source().process.pid
  • alert.source().process.path
  • alert.source().process.arg
  • alert.source().process.env

User/UserId

  • alert.source().user.ident
  • alert.source().user.category
  • alert.source().user.user_id().ident
  • alert.source().user.user_id().type
  • alert.source().user.user_id().tty
  • alert.source().user.user_id().name
  • alert.source().user.user_id().number

Service

  • alert.source().service.ident
  • alert.source().service.ip_version
  • alert.source().service.iana_protocol_number
  • alert.source().service.iana_protocol_name
  • alert.source().service.name
  • alert.source().service.port
  • alert.source().service.portlist
  • alert.source().service.protocol
  • alert.source().service.web_service.url
  • alert.source().service.web_service.cgi
  • alert.source().service.web_service.http_method
  • alert.source().service.web_service.arg
  • alert.source().service.snmp_service.oid
  • alert.source().service.snmp_service.message_processing_model
  • alert.source().service.snmp_service.security_model
  • alert.source().service.snmp_service.security_name
  • alert.source().service.snmp_service.security_level
  • alert.source().service.snmp_service.context_name
  • alert.source().service.snmp_service.context_engine_id
  • alert.source().service.snmp_service.command
  • alert.source().service.snmp_service.community

Target

  • alert.target().ident
  • alert.target().decoy
  • alert.target().interface

Node/Address

  • alert.target().node.ident
  • alert.target().node.category
  • alert.target().node.location
  • alert.target().node.name
  • alert.target().node.address().ident
  • alert.target().node.address().category
  • alert.target().node.address().vlan_name
  • alert.target().node.address().vlan_num
  • alert.target().node.address().address
  • alert.target().node.address().netmask

Process

  • alert.target().process.ident
  • alert.target().process.name
  • alert.target().process.pid
  • alert.target().process.path
  • alert.target().process.arg
  • alert.target().process.env

User/UserId

  • alert.target().user.ident
  • alert.target().user.category
  • alert.target().user.user_id().ident
  • alert.target().user.user_id().type
  • alert.target().user.user_id().tty
  • alert.target().user.user_id().name
  • alert.target().user.user_id().number

Service

  • alert.target().service.ident
  • alert.target().service.ip_version
  • alert.target().service.iana_protocol_number
  • alert.target().service.iana_protocol_name
  • alert.target().service.name
  • alert.target().service.port
  • alert.target().service.portlist
  • alert.target().service.protocol
  • alert.target().service.web_service.url
  • alert.target().service.web_service.cgi
  • alert.target().service.web_service.http_method
  • alert.target().service.web_service.arg
  • alert.target().service.snmp_service.oid
  • alert.target().service.snmp_service.message_processing_model
  • alert.target().service.snmp_service.security_model
  • alert.target().service.snmp_service.security_name
  • alert.target().service.snmp_service.security_level
  • alert.target().service.snmp_service.context_name
  • alert.target().service.snmp_service.context_engine_id
  • alert.target().service.snmp_service.command
  • alert.target().service.snmp_service.community

File

  • alert.target().file().ident
  • alert.target().file().name
  • alert.target().file().path
  • alert.target().file().create_time
  • alert.target().file().modify_time
  • alert.target().file().access_time
  • alert.target().file().data_size
  • alert.target().file().disk_size
  • alert.target().file().file_access().permission
  • alert.target().file().file_access().user_id().ident
  • alert.target().file().file_access().user_id().type
  • alert.target().file().file_access().user_id().tty
  • alert.target().file().file_access().user_id().name
  • alert.target().file().file_access().user_id().number
  • alert.target().file().linkage().category
  • alert.target().file().linkage().name
  • alert.target().file().linkage().path
  • alert.target().file().linkage().file…
  • alert.target().file().inode.change_time
  • alert.target().file().inode.number
  • alert.target().file().inode.major_device
  • alert.target().file().inode.minor_device
  • alert.target().file().inode.c_major_device
  • alert.target().file().inode.c_minor_device
  • alert.target().file().checksum.value
  • alert.target().file().checksum.key
  • alert.target().file().checksum.algorithm
  • alert.target().file().category
  • alert.target().file().fstype
  • alert.target().file().file_type

Assessment

  • alert.assessment.impact.severity
  • alert.assessment.impact.completion
  • alert.assessment.impact.type
  • alert.assessment.impact.description
  • alert.assessment.action.category
  • alert.assessment.action.description
  • alert.assessment.confidence.rating
  • alert.assessment.confidence.confidence

Classification

  • alert.classification.ident
  • alert.classification.text
  • alert.classification.reference().origin
  • alert.classification.reference().name
  • alert.classification.reference().url
  • alert.classification.reference().meaning

Additional Data

  • alert.additional_data().meaning
  • alert.additional_data().type
  • alert.additional_data().data