IDMEF vs IODEF: (2)
4. Compare (target, source)/IDMEF and (target, source)/IODEF.
Does source/IDMEF cover or equal Attacker/IODEF?
The Target class contains information about the possible target(s) of the event(s) that generated an alert. An event may have more than one target (e.g., in the case of a port sweep).
The Target class is composed of four aggregate classes: Node, User, Process, and Service.
The Source class contains information about the possible source(s) of the event(s) that generated an alert. An event may have more than one source (e.g., in a distributed denial of service attack).
The Source class is composed of four aggregate classes: Node, User, Process, and Service.
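The Source/Target structure described above, as an added example that is not part of the original notes: a port-sweep alert with one Source and two Targets, broken down by aggregate class. It assumes the XML element names and namespace of the IDMEF XML representation in RFC 4765; the alert is constructed, trimmed to its Source/Target parts, and `endpoints` and `summarize` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET  # for untrusted feeds, prefer a hardened parser such as defusedxml

NS = {"idmef": "http://iana.org/idmef"}  # assumption: namespace from RFC 4765
AGGREGATES = ("Node", "User", "Process", "Service")  # the four classes named above

# Constructed sample (not schema-complete): one port-sweep alert, one Source, two Targets.
SAMPLE = """<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef">
  <idmef:Alert messageid="constructed-1">
    <idmef:Source>
      <idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>192.0.2.50</idmef:address></idmef:Address></idmef:Node>
    </idmef:Source>
    <idmef:Target>
      <idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>198.51.100.10</idmef:address></idmef:Address></idmef:Node>
      <idmef:Service><idmef:port>22</idmef:port></idmef:Service>
    </idmef:Target>
    <idmef:Target>
      <idmef:Node><idmef:Address category="ipv4-addr">
        <idmef:address>198.51.100.11</idmef:address></idmef:Address></idmef:Node>
      <idmef:Service><idmef:port>22</idmef:port></idmef:Service>
    </idmef:Target>
  </idmef:Alert>
</idmef:IDMEF-Message>"""

def endpoints(alert, role):
    """Return one dict per Source or Target element, keyed by aggregate class."""
    result = []
    for ep in alert.findall(f"idmef:{role}", NS):
        entry = {}
        for agg in AGGREGATES:
            node = ep.find(f"idmef:{agg}", NS)
            if node is not None:
                # Collect the non-empty leaf text values under this aggregate class.
                entry[agg] = [e.text.strip() for e in node.iter()
                              if e.text and e.text.strip()]
        result.append(entry)
    return result

def summarize(xml_text):
    """Map each alert's messageid to its lists of sources and targets."""
    root = ET.fromstring(xml_text)
    return {a.get("messageid"): {"sources": endpoints(a, "Source"),
                                 "targets": endpoints(a, "Target")}
            for a in root.findall("idmef:Alert", NS)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Keeping sources and targets as lists, rather than a single pair, is what lets a consumer compare them against another format's attacker and victim entries without losing the one-to-many cases.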