IDMEF vs IODEF: (6)
8. IDMEF identifies the tool used in an attack through the ToolAlert element.
ToolAlert is a subclass of Alert.
The ToolAlert class carries additional information related to the use of attack tools or malevolent programs such as Trojan horses, and can be used by the analyzer when it is able to identify these tools. It is intended to group one or more previously-sent alerts together, to say "these alerts were all the result of someone using this tool."
The ToolAlert class is composed of three aggregate classes: name, command, alertident.
No suggestions (Not applicable for IODEF?)
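Added example (not part of the original slides or of the IDMEF specification text): a consumer of IDMEF XML resolving the alertident references of a ToolAlert to the alerts it groups, and flagging references to alerts it never received. The sample message, sensor names, message ids and tool name are constructed, and the XML is trimmed to the elements used here, so it is not DTD-complete.

```python
import xml.etree.ElementTree as ET

NS = {"idmef": "http://iana.org/idmef"}

# Constructed sample: two ordinary alerts, then an alert carrying a ToolAlert
# that references both of them plus one messageid ("a-999") never received.
SAMPLE = """<idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
  <idmef:Alert messageid="a-101"><idmef:Analyzer analyzerid="sensor-1"/>
    <idmef:Classification text="port scan"/></idmef:Alert>
  <idmef:Alert messageid="a-102"><idmef:Analyzer analyzerid="sensor-2"/>
    <idmef:Classification text="login failures"/></idmef:Alert>
  <idmef:Alert messageid="a-200"><idmef:Analyzer analyzerid="sensor-1"/>
    <idmef:Classification text="attack tool identified"/>
    <idmef:ToolAlert>
      <idmef:name>example-tool</idmef:name>
      <idmef:command>scan</idmef:command>
      <idmef:alertident>a-101</idmef:alertident>
      <idmef:alertident analyzerid="sensor-2">a-102</idmef:alertident>
      <idmef:alertident>a-999</idmef:alertident>
    </idmef:ToolAlert></idmef:Alert>
</idmef:IDMEF-Message>"""


def analyzer_id(alert):
    return alert.find("idmef:Analyzer", NS).get("analyzerid")


def resolve_tool_alerts(xml_text):
    """Return one dict per ToolAlert: name, command, grouped and missing refs."""
    alerts = ET.fromstring(xml_text).findall("idmef:Alert", NS)
    # An alert is identified by the pair (analyzerid, messageid).
    seen = {(analyzer_id(a), a.get("messageid")) for a in alerts}
    results = []
    for alert in alerts:
        tool = alert.find("idmef:ToolAlert", NS)
        if tool is None:
            continue
        grouped, missing = [], []
        for ident in tool.findall("idmef:alertident", NS):
            # analyzerid is optional on alertident; when omitted, the reference
            # is to an alert from the analyzer sending the ToolAlert.
            key = (ident.get("analyzerid", analyzer_id(alert)), ident.text.strip())
            (grouped if key in seen else missing).append(key)
        results.append({
            "name": tool.findtext("idmef:name", namespaces=NS),
            "command": tool.findtext("idmef:command", namespaces=NS),
            "grouped": grouped,
            "missing": missing,
        })
    return results
```

A non-empty "missing" list means the ToolAlert refers to alerts the consumer has not stored, which is worth surfacing before the grouping is trusted.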