IDMEF vs IODEF: (8)

10. Check definition of “user” and “userId” in IDMEF.

The User class is used to describe user that is receiving the event(s). It is primarily used as a "container" class for the UserId aggregate class.

The UserId class provides specific information about a user. More than one UserId can be used within the User class to indicate attempts to transition from one user to another, or to provide complete information about a user's (or process') privileges.

The UserId class is composed of two aggregate classes: name, number.

User class in IDMEF is not clearly defined.

Comment to IDWG.

Do we have/need “user*” element in IODEF?

Previous slide

Next slide

Back to first slide

View graphic version