Class CIM_IPNetworkSecurityIndication


  extends CIM_SecurityIndication
IPNetworkSecurityIndication is a class that represents events that have a network context, i.e., a source or destination address is a necessary property of the indication. More specific Indication subclasses that can derive from this class are, for example, firewall or intrusion detection subclasses. This class is not limited to use on IPv4 networks, but it has numerical property support for IPv4 networks that can be used for efficient implementations of search and analysis.
This class is not implemented.

Subclasses

 CIM_IPPacketFilterIndication

Class Qualifiers

Name | Data Type | Value | Scope | Flavors
Description | string | IPNetworkSecurityIndication is a class that represents events that have a network context, i.e., a source or destination address is a necessary property of the indication. More specific Indication subclasses that can derive from this class are, for example, firewall or intrusion detection subclasses. This class is not limited to use on IPv4 networks, but it has numerical property support for IPv4 networks that can be used for efficient implementations of search and analysis. | None | TRANSLATABLE= true
Experimental | boolean | true | TOSUBCLASS= false | None
Indication | boolean | true | None | OVERRIDABLE= false
UMLPackagePath | string | CIM::Event | None | None
Version | string | 2.10.0 | TOSUBCLASS= false | TRANSLATABLE= true

Local Class Properties

Name | Data Type | Qualifiers
    Name | Data Type | Value | Scope | Flavors

AlertingElementFormat | uint16
    Description | string | The format of the AlertingManagedElement property is interpretable based upon the value of this property. Values are defined as: 0 - Unknown. The format is unknown or not meaningfully interpretable by a CIM client application. 1 - Other. The format is defined by the value of the OtherAlertingElementFormat property. 2 - CIMObjectPath. The format is a CIMObjectPath, with format <NamespacePath>:<ClassName>.<Prop1>="<Value1>", <Prop2>="<Value2>", . . . specifying an instance in the CIM Schema. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.AlertingManagedElement, CIM_AlertIndication.OtherAlertingElementFormat | None | None
    ValueMap | string | 0, 1, 2 | None | None
    Values | string | Unknown, Other, CIMObjectPath | None | TRANSLATABLE= true

AlertingManagedElement | string
    Description | string | The identifying information of the entity (i.e., the instance) for which this Indication is generated. The property contains the path of an instance, encoded as a string parameter - if the instance is modeled in the CIM Schema. If not a CIM instance, the property contains some identifying string that names the entity for which the Alert is generated. The path or identifying string is formatted per the AlertingElementFormat property. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.AlertingElementFormat | None | None

AlertType | uint16
    Description | string | Primary classification of the Indication. The following value is the only value permitted from AlertIndication: 8 - Security Alert. An Indication of this type is associated with security violations, detection of viruses, and similar issues. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Event type | None | None
    Override | string | AlertType | TOSUBCLASS= false | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 8 | None | None
    Values | string | Security Alert | None | TRANSLATABLE= true

CorrelatedIndications | string
    Description | string | A list of IndicationIdentifiers whose notifications are correlated with (related to) this one. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Correlated notifications | None | None
    ModelCorrespondence | string | CIM_Indication.IndicationIdentifier | None | None

Description | string
    Description | string | A short description of the Indication. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Additional text | None | None

DestAddress | string
    Description | string | The address for the destination of the network traffic associated with this Indication from the Detector's point of view. This address MUST be identical to the IPv4NumericDestAddress if both property values are not NULL and the IPVersionSupport property is "IPv4". | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.IPv4NumericDestAddress, CIM_IPNetworkSecurityIndication.IPVersionSupport | None | None

DestMACAddress | string
    Description | string | The MAC address for the destination address for this message from the Detector's point of view. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.DestAddress, CIM_IPNetworkSecurityIndication.IPv4NumericDestAddress | None | None

DestPort | uint32
    Description | string | The port for the destination address for this message from the Detector's point of view. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.DestAddress, CIM_IPNetworkSecurityIndication.IPv4NumericDestAddress | None | None

DestPrefixLength | uint8
    Description | string | The prefix length for the IPv6 address for the destination of the network traffic associated with this Indication from the Detector's point of view. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.DestAddress, CIM_IPNetworkSecurityIndication.IPVersionSupport | None | None

Effects | uint16
    ArrayType | string | Indexed | None | OVERRIDABLE= false
    Description | string | An array of enumerated values that describes the effect(s) of an event from the Detector's point of view. Some security devices such as simple packet filters may not be able to detect the notion of an event's Effect. In these cases, the Effect is "Unknown". Although in many cases the Effect of an attack is intended, not all attacks have a known intent, such as viruses or other malicious code, which may have multiple varied Effects. If there is more than one Effect, the first element in the array SHOULD represent the most significant or most severe Effect, from the Detector's point of view. The following values are defined: 0 - Unknown means the Effect of the event is purely unknown. 2 - Degradation. The message indicates that an attempt was made to damage or impair usability, performance, service availability, etc. 3 - Reconnaissance. The message indicates that there was an attempt to gather information useful for attacks, or probe for vulnerabilities without necessarily exploiting them. 4 - Access. The message indicates that access has been attempted or made to data or services. 5 - Integrity. The message indicates that there was an attempt to modify or delete data. 6 - System Compromised. The message indicates that an attacker succeeded in gaining complete access to the system. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.MoreSpecificEffects | None | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, .., 2, 3, 4, 5, 6, 16000.. | None | None
    Values | string | Unknown, DMTF Reserved, Degradation, Reconnaissance, Access, Integrity, System Compromised, Vendor Reserved | None | TRANSLATABLE= true

EventCount | uint16
    Counter | boolean | true | None | None
    Description | string | The number of events represented by this Indication. If IndicationStartCountTime is not NULL, EventCount MUST be greater than 1 which means that the Indication represents an event aggregate. | None | TRANSLATABLE= true
    MinValue | sint64 | 1 | None | None
    ModelCorrespondence | string | CIM_SecurityIndication.IndicationStartCountTime | None | None

EventID | string
    Description | string | An instrumentation or provider specific value that describes the underlying "real-world" event represented by the Indication. Two Indications with the same, non NULL EventID value are considered, by the creating entity, to represent the same event. The comparison of two EventID values is only defined for Alert Indications with identical, non NULL values of SystemCreateClassName, SystemName and ProviderName. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.ProbableCause | None | None

EventTime | datetime
    Description | string | The time and date the underlying event was first detected. If specified, this property MUST be set to NULL if the creating entity is not capable of providing this information. This value is based on the notion of local date and time of the Managed System Element generating the Indication. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.ProbableCause | None | None

IndicationFilterName | string
    Description | string | An identifier for the indication filter that selects this indication and causes it to be sent. This property is to be filled out by the indication sending service. The value shall be correlatable with the Name property of the instance of CIM_IndicationFilter describing the criteria of the indication. The value of the IndicationFilterName should be formatted using the following algorithm: < OrgID > : < LocalID >, where < OrgID > and < LocalID > are separated by a colon (:) and < OrgID > shall include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the value or that is a registered ID assigned to the business entity by a recognized global authority. In addition, to ensure uniqueness, < OrgID > shall not contain a colon (:). When using this algorithm, the first colon to appear in the value shall appear between < OrgID > and < LocalID >. < LocalID > is chosen by the business entity and shall be used uniquely. | None | TRANSLATABLE= true
    Experimental | boolean | true | TOSUBCLASS= false | None
    ModelCorrespondence | string | CIM_IndicationFilter.Name | None | None

IndicationIdentifier | string
    Description | string | An identifier for the Indication. This property is similar to a key value in that it can be used for identification, when correlating Indications (see the CorrelatedIndications array). Its value SHOULD be unique as long as Alert correlations are reported, but MAY be reused or left NULL if no future Indications will reference it in their CorrelatedIndications array. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Notification identifier | None | None
    Override | string | IndicationIdentifier | TOSUBCLASS= false | None
    Required | boolean | true | None | OVERRIDABLE= false

IndicationStartCountTime | datetime
    Description | string | The start time and date of a range of events represented by the Indication whose current event time is specified by IndicationTime. If the Indication represents a single event, this property MUST be set to NULL. If the Indication represents multiple events over time, the EventCount property MUST be greater than 1 and this property MUST be less than or equal to the IndicationTime value. In this case, the Indication represents an event aggregate with the aggregate amplitude being the EventCount property. The time range or EventCount does not imply a threshold in and of itself, but a time or amplitude threshold MAY be used in determining how a Detector populates this property. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.EventCount, CIM_SecurityIndication.IndicationTime | None | None

IndicationTime | datetime
    Description | string | The time and date of creation of the Indication. The property may be set to NULL if the entity creating the Indication is not capable of determining this information. Note that IndicationTime may be the same for two Indications that are generated in rapid succession. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.IndicationStartCountTime | None | None
    Override | string | IndicationTime | TOSUBCLASS= false | None
    Required | boolean | true | None | OVERRIDABLE= false

IPv4NumericDestAddress | uint32
    Description | string | The IPv4 destination address in numeric form. This address MUST be identical to the DestAddress property if both property values are not NULL and the IPVersionSupport property is "IPv4". | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.DestAddress, CIM_IPNetworkSecurityIndication.IPVersionSupport | None | None

IPv4NumericSourceAddress | uint32
    Description | string | The IPv4 source address in numeric form. This address MUST be identical to the SourceAddress property if both property values are not NULL and the IPVersionSupport property is "IPv4". | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.SourceAddress, CIM_IPNetworkSecurityIndication.IPVersionSupport | None | None

IPVersionSupport | uint16
    Description | string | This property explicitly defines support for different versions of the IP protocol for the traffic associated with this Indication. | None | TRANSLATABLE= true
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, 2, 3 | None | None
    Values | string | Unknown, IPv4, IPv6 | None | TRANSLATABLE= true

Mechanisms | uint16
    ArrayType | string | Indexed | None | OVERRIDABLE= false
    Description | string | An array of integers indicating the method(s) used in an attack, probe, or other action. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: Parent - NetworkProtocol; Children - NetworkICMP, NetworkTCP, NetworkUDP, NetworkHTTP. Parent - Overloading; Children - Congestion, Saturation. Mechanisms values can be used with any of the Effects values, depending on the method(s) employed in an attack or probe. For example, for a DoS attack using ICMP packets, Effects would contain Degradation, and Mechanisms would contain NetworkProtocol and NetworkICMP in that order. For a port scan, Effects contains Reconnaissance and Mechanisms would contain PortScan. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.MoreSpecificMechanisms | None | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, .., 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 16000.. | None | None
    Values | string | Unknown, DMTF Reserved, ArpPoisoning, Backdoor, Rootkit, Trojan, BufferOverflow, GuessPassword, ReplayAttack, SQLInjection, SpoofIdentity, PortSweep, HostSweep, NetworkSweep, NetworkICMP, NetworkTCP, NetworkUDP, Worm, Virus, Non-viral Malicious, Spyware, Adware, Login, Logout, Application Exploitation, Script Injection, Stale-data Scan, Congestion, Saturation, Overloading, Port Scan, Network Protocol, Network HTTP, Phishing, Redirection, RemoteExecution, DataManipulation, Cross-site Scripting, Vendor Reserved | None | TRANSLATABLE= true

Message | string
    Description | string | The formatted message. This message is constructed by combining some or all of the dynamic elements specified in the MessageArguments property with the static elements uniquely identified by the MessageID in a message registry or other catalog associated with the OwningEntity. | None | TRANSLATABLE= true
    Experimental | boolean | true | TOSUBCLASS= false | None
    ModelCorrespondence | string | CIM_AlertIndication.MessageID, CIM_AlertIndication.MessageArguments | None | None

MessageArguments | string
    Description | string | An array containing the dynamic content of the message. | None | TRANSLATABLE= true
    Experimental | boolean | true | TOSUBCLASS= false | None
    ModelCorrespondence | string | CIM_AlertIndication.Message, CIM_AlertIndication.MessageID | None | None

MessageID | string
    Description | string | A string that uniquely identifies, within the scope of the OwningEntity, the format of the Message. | None | TRANSLATABLE= true
    Experimental | boolean | true | TOSUBCLASS= false | None
    ModelCorrespondence | string | CIM_AlertIndication.Message, CIM_AlertIndication.MessageArguments | None | None

MessageType | uint16
    Description | string | An integer indicating the type of message to which the Indication applies. Generic indications of this class SHOULD set the value to Unknown. DMTF subclasses will define specific values from the DMTF Class Reserved range. | None | TRANSLATABLE= true
    Override | string | MessageType | TOSUBCLASS= false | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, .., 2, 3..500, 16000.. | None | None
    Values | string | Unknown, DMTF Reserved, Not Applicable, DMTF Class Reserved, Vendor Reserved | None | TRANSLATABLE= true

MoreSpecificEffects | string
    ArrayType | string | Indexed | None | OVERRIDABLE= false
    Description | string | If more details are known about the effect of an attack or probe, this property can contain that information. For example, if one of the values of Effects is Access, a more specific Effect might be HostCompromised. Or, if the Effect is Degradation, a more specific effect might be DistributedDoS. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.Effects, CIM_AlertIndication.OwningEntity | None | None

MoreSpecificMechanisms | string
    ArrayType | string | Indexed | None | OVERRIDABLE= false
    Description | string | Specifies a more specific mechanism based on a value specified in the Mechanisms property. For example, if one of the values of Mechanisms is Trojan, then a MoreSpecificMechanisms might be Connect for a trojan that opens a port and listens for connections. A different method might be Response if the trojan sends information. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.Mechanisms, CIM_AlertIndication.OwningEntity | None | None

MoreSpecificResources | string
    ArrayType | string | Indexed | None | OVERRIDABLE= false
    Description | string | Specifies a more specific resource based on a value specified in the Resources property. For example, if one of the values of Resources is Web, then a MoreSpecificResource might be Apache for an attack or probe against an Apache web server. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.Resources, CIM_AlertIndication.OwningEntity | None | None

OtherAlertingElementFormat | string
    Description | string | A string defining "Other" values for AlertingElementFormat. This value MUST be set to a non NULL value when AlertingElementFormat is set to a value of 1 ("Other"). For all other values of AlertingElementFormat, the value of this string must be set to NULL. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.AlertingElementFormat | None | None

OtherAlertType | string
    Description | string | A string describing the Alert type - used when the AlertType property is set to 1, "Other State Change". | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.AlertType | None | None

OtherSeverity | string
    Description | string | Holds the value of the user defined severity value when 'PerceivedSeverity' is 1 ("Other"). | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.PerceivedSeverity | None | None

OwningEntity | string
    Description | string | A string that uniquely identifies the entity that owns the definition of the format of the Message described in this instance. OwningEntity MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity or standards body defining the format. | None | TRANSLATABLE= true
    Experimental | boolean | true | TOSUBCLASS= false | None

PerceivedSeverity | uint16
    Description | string | An enumerated value that describes the severity of the Alert Indication from the notifier's point of view: 1 - Other, by CIM convention, is used to indicate that the Severity's value can be found in the OtherSeverity property. 3 - Degraded/Warning should be used when it's appropriate to let the user decide if action is needed. 4 - Minor should be used to indicate action is needed, but the situation is not serious at this time. 5 - Major should be used to indicate action is needed NOW. 6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result). 7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it's too late to take remedial action. 2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the AlertIndication is purely informational or its severity is simply unknown. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Perceived severity | None | None
    Override | string | PerceivedSeverity | TOSUBCLASS= false | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, 1, 2, 3, 4, 5, 6, 7 | None | None
    Values | string | Unknown, Other, Information, Degraded/Warning, Minor, Major, Critical, Fatal/NonRecoverable | None | TRANSLATABLE= true

ProbableCause | uint16
    Description | string | An enumerated value that describes the probable cause of the situation which resulted in the AlertIndication. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Probable cause, Recommendation.ITU|M3100.probableCause, ITU-IANA-ALARM-TC | None | None
    ModelCorrespondence | string | CIM_AlertIndication.ProbableCauseDescription, CIM_AlertIndication.EventID, CIM_AlertIndication.EventTime | None | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130 | None | None
    Values | string | Unknown, Other, Adapter/Card Error, Application Subsystem Failure, Bandwidth Reduced, Connection Establishment Error, Communications Protocol Error, Communications Subsystem Failure, Configuration/Customization Error, Congestion, Corrupt Data, CPU Cycles Limit Exceeded, Dataset/Modem Error, Degraded Signal, DTE-DCE Interface Error, Enclosure Door Open, Equipment Malfunction, Excessive Vibration, File Format Error, Fire Detected, Flood Detected, Framing Error, HVAC Problem, Humidity Unacceptable, I/O Device Error, Input Device Error, LAN Error, Non-Toxic Leak Detected, Local Node Transmission Error, Loss of Frame, Loss of Signal, Material Supply Exhausted, Multiplexer Problem, Out of Memory, Output Device Error, Performance Degraded, Power Problem, Pressure Unacceptable, Processor Problem (Internal Machine Error), Pump Failure, Queue Size Exceeded, Receive Failure, Receiver Failure, Remote Node Transmission Error, Resource at or Nearing Capacity, Response Time Excessive, Retransmission Rate Excessive, Software Error, Software Program Abnormally Terminated, Software Program Error (Incorrect Results), Storage Capacity Problem, Temperature Unacceptable, Threshold Crossed, Timing Problem, Toxic Leak Detected, Transmit Failure, Transmitter Failure, Underlying Resource Unavailable, Version MisMatch, Previous Alert Cleared, Login Attempts Failed, Software Virus Detected, Hardware Security Breached, Denial of Service Detected, Security Credential MisMatch, Unauthorized Access, Alarm Received, Loss of Pointer, Payload Mismatch, Transmission Error, Excessive Error Rate, Trace Problem, Element Unavailable, Element Missing, Loss of Multi Frame, Broadcast Channel Failure, Invalid Message Received, Routing Failure, Backplane Failure, Identifier Duplication, Protection Path Failure, Sync Loss or Mismatch, Terminal Problem, Real Time Clock Failure, Antenna Failure, Battery Charging Failure, Disk Failure, Frequency Hopping Failure, Loss of Redundancy, Power Supply Failure, Signal Quality Problem, Battery Discharging, Battery Failure, Commercial Power Problem, Fan Failure, Engine Failure, Sensor Failure, Fuse Failure, Generator Failure, Low Battery, Low Fuel, Low Water, Explosive Gas, High Winds, Ice Buildup, Smoke, Memory Mismatch, Out of CPU Cycles, Software Environment Problem, Software Download Failure, Element Reinitialized, Timeout, Logging Problems, Leak Detected, Protection Mechanism Failure, Protecting Resource Failure, Database Inconsistency, Authentication Failure, Breach of Confidentiality, Cable Tamper, Delayed Information, Duplicate Information, Information Missing, Information Modification, Information Out of Sequence, Key Expired, Non-Repudiation Failure, Out of Hours Activity, Out of Service, Procedural Error, Unexpected Information | None | TRANSLATABLE= true

ProbableCauseDescription | string
    Description | string | Provides additional information related to the ProbableCause. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_AlertIndication.ProbableCause | None | None

Protocol | uint16
    Description | string | An integer indicating the type of network protocol for the traffic associated with this Indication. | None | TRANSLATABLE= true
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, 2, 3, 4, 5, 6 | None | None
    Values | string | Unknown, ARP, TCP, UDP, ICMP, IGMP | None | TRANSLATABLE= true

ProviderName | string
    Description | string | The name of the Provider generating this Indication. | None | TRANSLATABLE= true
    MaxLen | uint32 | 256 | None | None

RecommendedActions | string
    Description | string | Free form descriptions of the recommended actions to take to resolve the cause of the notification. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.Proposed repair actions | None | None

Resources | uint16
    ArrayType | string | Indexed | None | OVERRIDABLE= false
    Description | string | An integer indicating the type(s) of resource affected by an attack or probe. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: Parent - Remote Service; Children - Remote Share, Naming Service, DB, FTP, Mail, RPC, Web. Parent - Remote Share; Children - NFS, SMB, CIFS. Parent - Naming Service; Children - DNS, LDAP. Parent - Application; Children - Application Data, Application Configuration. Parent - OS; Children - OS Kernel, OS Configuration, OS Session, File System, Process, Service, User Account, Privileges, User Policy, Group, Registry, File. Parent - Network Device; Children - Firewall, Router, Switch. For example, DB indicates that an attack was made against a database server, where Mail indicates that some type of email server is affected. DB, DNS, and other values can mean a server or service, e.g. there is no distinction between a DNS server resource and a DNS service resource. Web means a web server/service but more specific resources of this type can be specified using the MoreSpecificResources property, e.g. IIS, Apache, iPlanet, etc. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_SecurityIndication.MoreSpecificResources | None | None
    Required | boolean | true | None | OVERRIDABLE= false
    ValueMap | string | 0, .., 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 16000.. | None | None
    Values | string | Unknown, DMTF Reserved, DB, DNS, FTP, Mail, Web, Host, Firewall, Registry, Network Device, Hardware, User Activity, Cookies, Network Data, Application Data, Application Configuration, OS Kernel, OS Configuration, OS Session, File System, Process, Service, Network Session, URL, User Account, Privileges, User Policy, Group, RPC, SNMP, Remote Service, Remote Share, Naming Service, Application, OS, NFS, SMB, CIFS, CPU, Router, Switch, LDAP, Vendor Reserved | None | TRANSLATABLE= true

SourceAddress | string
    Description | string | The address for the originator of the network traffic associated with this Indication from the Detector's point of view. This address MUST be identical to the IPv4NumericSourceAddress if both property values are not NULL and the IPVersionSupport property is "IPv4". | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.IPv4NumericSourceAddress, CIM_IPNetworkSecurityIndication.IPVersionSupport | None | None

SourceMACAddress | string
    Description | string | The MAC address for the source address for this message from the Detector's point of view. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.SourceAddress, CIM_IPNetworkSecurityIndication.IPv4NumericSourceAddress | None | None

SourcePort | uint32
    Description | string | The port for the source address for this message from the Detector's point of view. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.SourceAddress, CIM_IPNetworkSecurityIndication.IPv4NumericSourceAddress | None | None

SourcePrefixLength | uint8
    Description | string | The prefix length for the IPv6 address for the originator of the network traffic associated with this Indication from the Detector's point of view. | None | TRANSLATABLE= true
    ModelCorrespondence | string | CIM_IPNetworkSecurityIndication.SourceAddress, CIM_IPNetworkSecurityIndication.IPVersionSupport | None | None

SystemCreationClassName | string
    Description | string | The scoping System's CreationClassName for the Provider generating this Indication. | None | TRANSLATABLE= true
    MaxLen | uint32 | 256 | None | None

SystemName | string
    Description | string | The scoping System's Name for the Provider generating this Indication. | None | TRANSLATABLE= true
    MaxLen | uint32 | 256 | None | None

    Description | string | Provides information on trending - trending up, down or no change. | None | TRANSLATABLE= true
    MappingStrings | string | Recommendation.ITU|X733.TrendIndication | None | None
    ValueMap | string | 0, 1, 2, 3, 4 | None | None
    Values | string | Unknown, Not Applicable, Trending Up, Trending Down, No Change | None | TRANSLATABLE= true
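
An added example (not part of the original reference, and not VMware or DMTF code): a Python check that applies several of the cross-property rules stated in the descriptions above to one received indication. It assumes the indication has already been decoded into a dict keyed by property name with datetime values as Python datetime objects, and that the numeric IPv4 properties are in network byte order; treating a child Mechanisms value listed before its parent as a problem is also this example's choice, and the sample values are constructed.

```python
import ipaddress
from datetime import datetime

IPV4 = 2            # IPVersionSupport ValueMap: 0 Unknown, 2 IPv4, 3 IPv6
SECURITY_ALERT = 8  # the only AlertType value this class permits
# Mechanisms parent -> children, numbered from the ValueMap/Values rows above.
MECHANISM_CHILDREN = {
    31: {14, 15, 16, 32},  # Network Protocol -> ICMP, TCP, UDP, HTTP
    29: {27, 28},          # Overloading -> Congestion, Saturation
}


def _check_ipv4_pair(ind, text_key, num_key, problems):
    """String and numeric address must agree when both are set on IPv4."""
    text, num = ind.get(text_key), ind.get(num_key)
    if ind.get("IPVersionSupport") != IPV4 or text is None or num is None:
        return  # the rule only binds when both are non-NULL and version is IPv4
    try:
        # Assumption: the uint32 carries the address in network byte order.
        same = int(ipaddress.IPv4Address(text)) == num
    except ipaddress.AddressValueError:
        same = False
    if not same:
        problems.append(f"{text_key} does not match {num_key}")


def validate_indication(ind):
    """Return a list of rule violations; an empty list means consistent."""
    problems = []
    if ind.get("AlertType") != SECURITY_ALERT:
        problems.append("AlertType must be 8 (Security Alert)")

    _check_ipv4_pair(ind, "SourceAddress", "IPv4NumericSourceAddress", problems)
    _check_ipv4_pair(ind, "DestAddress", "IPv4NumericDestAddress", problems)

    # Aggregates: a start time implies EventCount > 1 and start <= IndicationTime.
    count = ind.get("EventCount")
    start, when = ind.get("IndicationStartCountTime"), ind.get("IndicationTime")
    if count is not None and count < 1:
        problems.append("EventCount is below MinValue 1")
    if start is not None:
        if count is None or count <= 1:
            problems.append("IndicationStartCountTime set but EventCount is not > 1")
        if when is not None and start > when:
            problems.append("IndicationStartCountTime is later than IndicationTime")

    # OtherAlertingElementFormat is non-NULL exactly when the format is 1 (Other).
    other = ind.get("OtherAlertingElementFormat")
    if (ind.get("AlertingElementFormat") == 1) != (other is not None):
        problems.append("OtherAlertingElementFormat inconsistent with AlertingElementFormat")

    # Indexed array: a parent value sits at a lower index than its children.
    mech = list(ind.get("Mechanisms") or [])
    for parent, children in MECHANISM_CHILDREN.items():
        if parent in mech:
            for child in sorted(children.intersection(mech)):
                if mech.index(child) < mech.index(parent):
                    problems.append(f"Mechanisms: child {child} precedes parent {parent}")
    return problems


# Constructed sample: the ICMP DoS case from the Mechanisms description,
# reported as an aggregate of 40 events over 30 seconds.
SAMPLE_OK = {
    "AlertType": 8, "IPVersionSupport": 2, "Protocol": 5,  # Protocol 5 = ICMP
    "SourceAddress": "192.0.2.10", "IPv4NumericSourceAddress": 0xC000020A,
    "DestAddress": "198.51.100.7", "IPv4NumericDestAddress": 0xC6336407,
    "Effects": [2],            # Degradation
    "Mechanisms": [31, 14],    # Network Protocol, then NetworkICMP
    "EventCount": 40,
    "IndicationStartCountTime": datetime(2010, 1, 1, 12, 0, 0),
    "IndicationTime": datetime(2010, 1, 1, 12, 0, 30),
    "AlertingElementFormat": 0, "OtherAlertingElementFormat": None,
}
# Constructed sample with three defects: byte-swapped numeric destination,
# child before parent in Mechanisms, and a start time on a single event.
SAMPLE_BAD = dict(SAMPLE_OK, IPv4NumericDestAddress=0x076433C6,
                  Mechanisms=[14, 31], EventCount=1)

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, validate_indication(sample))
```

Running such a check at ingestion lets a collector flag providers whose string and numeric addresses disagree before the numeric fields are used for search or correlation.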

Copyright © 2008-2010 VMware, Inc. All rights reserved.