7. Contents Requirements|
7.1 An Incident Report will generally refer to one or more entities. The entity may be an attacker, a victim or an observer. There are several facets of an entity involved in an Incident Report. The entity may have zero or more network addresses and names as well as zero or more location names, organizational name, person names, machine names etc. FINE should support various facets describing the entities involved.
7.2 The Incident Report should contain the type of the attack if it's known.
7.3 FINE must include the Identity of the creator (or current owner) of the Incident Report (CSIRT or other authority). This may be the sender in an information exchange or the team currently handling the incident.
7.4 The FINE should contain information about the attacker and victim, if known.