Bug #213
LML rulesets should be updated to use IDMEF Action
Start date:
Due date:
% Done: 0%
Resolution:
Description
Current rulesets (except modsecurity) do not make use of the IDMEF Action class.

From RFC 4765, section 4.2.6.2, "The Action Class":

The Action class is used to describe any actions taken by the analyzer in response to the event.

category: The type of action taken. The permitted values are shown below. The default value is "other". (See also Section 10.)

| Rank | Keyword | Description |
|------|---------|-------------|
| 0 | block-installed | A block of some sort was installed to prevent an attack from reaching its destination. The block could be a port block, address block, etc., or disabling a user account. |
| 1 | notification-sent | A notification message of some sort was sent out-of-band (via pager, e-mail, etc.). Does not include the transmission of this alert. |
| 2 | taken-offline | A system, computer, or user was taken offline, as when the computer is shut down or a user is logged off. |
| 3 | other | Anything not in one of the above categories. |

The element itself may be empty, or may contain a textual description of the action, if the analyzer is able to provide additional details.
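To make concrete what a ruleset would have to emit, here is an added example (not code from Prelude-LML or from this ticket) that validates the RFC 4765 Action category enumeration, applies the "other" default, and serialises an Assessment/Action element in IDMEF XML. The log lines and the regex-to-category mapping are constructed for the example and are not real LML rules; the `http://iana.org/idmef` namespace is the one given in RFC 4765.

```python
"""IDMEF Action helper: validates the RFC 4765 Action category
enumeration and serialises an Assessment/Action element."""
import re
import xml.etree.ElementTree as ET

# Enumeration from RFC 4765, section 4.2.6.2 (rank -> keyword).
ACTION_CATEGORIES = {
    0: "block-installed",
    1: "notification-sent",
    2: "taken-offline",
    3: "other",
}
DEFAULT_CATEGORY = "other"            # RFC default when category is absent
IDMEF_NS = "http://iana.org/idmef"    # namespace from RFC 4765


def action_element(category=None, description=None):
    """Build an <Action> element. category defaults to "other" per the RFC;
    an unknown keyword is rejected rather than silently emitted."""
    if category is None:
        category = DEFAULT_CATEGORY
    if category not in ACTION_CATEGORIES.values():
        raise ValueError("unknown IDMEF Action category: %r" % (category,))
    elem = ET.Element("{%s}Action" % IDMEF_NS, {"category": category})
    if description:                    # element may be empty or carry text
        elem.text = description
    return elem


def assessment_xml(category=None, description=None):
    """Wrap the Action in an <Assessment> element and serialise it."""
    ET.register_namespace("idmef", IDMEF_NS)
    assessment = ET.Element("{%s}Assessment" % IDMEF_NS)
    assessment.append(action_element(category, description))
    return ET.tostring(assessment, encoding="unicode")


# Hypothetical log patterns (constructed for this example, not LML rules):
# each maps a line that records an analyzer response to an Action category.
_ACTION_PATTERNS = [
    (re.compile(r"DROP .* SRC=(?P<src>\S+)"), "block-installed",
     "firewall dropped packet from {src}"),
    (re.compile(r"alert mail sent to (?P<rcpt>\S+)"), "notification-sent",
     "out-of-band notification to {rcpt}"),
    (re.compile(r"session closed for user (?P<user>\S+)"), "taken-offline",
     "user {user} logged off"),
]


def classify_action(log_line):
    """Return (category, description) for a line that records an action,
    or None if the line describes no action at all."""
    for pattern, category, template in _ACTION_PATTERNS:
        m = pattern.search(log_line)
        if m:
            return category, template.format(**m.groupdict())
    return None


# Constructed sample lines (not from any real system).
SAMPLE_LOGS = [
    "kernel: IPTABLES DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.5",
    "watchdog: alert mail sent to soc@example.com",
    "sshd[1234]: pam_unix(sshd:session): session closed for user alice",
    "sshd[1235]: Accepted publickey for bob from 192.0.2.11",
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        result = classify_action(line)
        if result is None:
            print("no action:", line)
        else:
            print(assessment_xml(*result))
```

Rejecting unknown keywords matters because a consumer validating against the IDMEF DTD would otherwise drop or misfile the alert; the fourth sample line shows that a successful login is an event, not an analyzer action, so no Action element is produced for it.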
History
#1 Updated by over 17 years ago
- Status changed from New to Assigned
#2 Updated by Yoann VANDOORSELAERE over 15 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (4)
- Target version deleted (93)
#3 Updated by Yoann VANDOORSELAERE over 15 years ago
- Target version set to 0.9.15
#4 Updated by Jean-Charles ROGEZ almost 11 years ago
- Assignee deleted (59)
- Target version changed from 0.9.15 to 121
#5 Updated by Thomas ANDREJAK almost 9 years ago
- Target version changed from 121 to Prelude OSS 3.0.0
#6 Updated by Thomas ANDREJAK over 8 years ago
- Target version changed from Prelude OSS 3.0.0 to Prelude OSS 3.1.0
#7 Updated by Thomas ANDREJAK almost 8 years ago
- Status changed from Assigned to New
- Target version changed from Prelude OSS 3.1.0 to Prelude OSS 4.0.0
#8 Updated by Thomas ANDREJAK almost 7 years ago
- Target version changed from Prelude OSS 4.0.0 to Prelude OSS 4.1.0
#9 Updated by Thomas ANDREJAK over 5 years ago
- Target version changed from Prelude OSS 4.1.0 to Prelude OSS 5.0.0
#10 Updated by Thomas ANDREJAK over 5 years ago
- Target version changed from Prelude OSS 5.0.0 to Prelude OSS 5.1.0