draft-ietf-sacm-information-model-08.txt   draft-ietf-sacm-information-model-09.txt 
SACM D. Waltermire, Ed. SACM D. Waltermire, Ed.
Internet-Draft NIST Internet-Draft NIST
Intended status: Standards Track K. Watson Intended status: Standards Track K. Watson
Expires: June 8, 2017 DHS Expires: September 14, 2017 DHS
C. Kahn C. Kahn
L. Lorenzin L. Lorenzin
Pulse Secure, LLC Pulse Secure, LLC
M. Cokus M. Cokus
D. Haynes D. Haynes
The MITRE Corporation The MITRE Corporation
H. Birkholz H. Birkholz
Fraunhofer SIT Fraunhofer SIT
December 5, 2016 March 13, 2017
SACM Information Model SACM Information Model
draft-ietf-sacm-information-model-08 draft-ietf-sacm-information-model-09
Abstract Abstract
This document defines the Information Elements that are transported This document defines the Information Elements that are transported
between SACM components and their interconnected relationships. The between SACM components and their interconnected relationships. The
primary purpose of the Secure Automation and Continuous Monitoring primary purpose of the Secure Automation and Continuous Monitoring
(SACM) Information Model is to ensure the interoperability of (SACM) Information Model is to ensure the interoperability of
corresponding SACM data models and addresses the use cases defined by corresponding SACM data models and addresses the use cases defined by
SACM. The Information Elements and corresponding types are SACM. The Information Elements and corresponding types are
maintained as the IANA "SACM Information Elements" registry. maintained as the IANA "SACM Information Elements" registry.
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 8, 2017. This Internet-Draft will expire on September 14, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 42 skipping to change at page 3, line 42
7.25. bytesSent . . . . . . . . . . . . . . . . . . . . . . . . 37 7.25. bytesSent . . . . . . . . . . . . . . . . . . . . . . . . 37
7.26. certificate . . . . . . . . . . . . . . . . . . . . . . . 38 7.26. certificate . . . . . . . . . . . . . . . . . . . . . . . 38
7.27. collectionTaskType . . . . . . . . . . . . . . . . . . . 38 7.27. collectionTaskType . . . . . . . . . . . . . . . . . . . 38
7.28. confidence . . . . . . . . . . . . . . . . . . . . . . . 38 7.28. confidence . . . . . . . . . . . . . . . . . . . . . . . 38
7.29. contentAction . . . . . . . . . . . . . . . . . . . . . . 38 7.29. contentAction . . . . . . . . . . . . . . . . . . . . . . 38
7.30. countryCode . . . . . . . . . . . . . . . . . . . . . . . 38 7.30. countryCode . . . . . . . . . . . . . . . . . . . . . . . 38
7.31. dataOrigin . . . . . . . . . . . . . . . . . . . . . . . 39 7.31. dataOrigin . . . . . . . . . . . . . . . . . . . . . . . 39
7.32. dataSource . . . . . . . . . . . . . . . . . . . . . . . 39 7.32. dataSource . . . . . . . . . . . . . . . . . . . . . . . 39
7.33. default-depth . . . . . . . . . . . . . . . . . . . . . . 39 7.33. default-depth . . . . . . . . . . . . . . . . . . . . . . 39
7.34. discoverer . . . . . . . . . . . . . . . . . . . . . . . 39 7.34. discoverer . . . . . . . . . . . . . . . . . . . . . . . 39
7.35. emailAddress . . . . . . . . . . . . . . . . . . . . . . 39 7.35. emailAddress . . . . . . . . . . . . . . . . . . . . . . 40
7.36. eventType . . . . . . . . . . . . . . . . . . . . . . . . 40 7.36. eventType . . . . . . . . . . . . . . . . . . . . . . . . 40
7.37. eventThreshold . . . . . . . . . . . . . . . . . . . . . 40 7.37. eventThreshold . . . . . . . . . . . . . . . . . . . . . 40
7.38. eventThresholdName . . . . . . . . . . . . . . . . . . . 40 7.38. eventThresholdName . . . . . . . . . . . . . . . . . . . 40
7.39. eventTrigger . . . . . . . . . . . . . . . . . . . . . . 40 7.39. eventTrigger . . . . . . . . . . . . . . . . . . . . . . 40
7.40. firmwareId . . . . . . . . . . . . . . . . . . . . . . . 41 7.40. firmwareId . . . . . . . . . . . . . . . . . . . . . . . 41
7.41. hostName . . . . . . . . . . . . . . . . . . . . . . . . 41 7.41. hostName . . . . . . . . . . . . . . . . . . . . . . . . 41
7.42. interfaceLabel . . . . . . . . . . . . . . . . . . . . . 41 7.42. interfaceLabel . . . . . . . . . . . . . . . . . . . . . 41
7.43. ipv6AddressSubnetMask . . . . . . . . . . . . . . . . . . 41 7.43. ipv6AddressSubnetMask . . . . . . . . . . . . . . . . . . 41
7.44. ipv6AddressSubnetMaskCidrNotation . . . . . . . . . . . . 41 7.44. ipv6AddressSubnetMaskCidrNotation . . . . . . . . . . . . 41
7.45. ipv6AddressValue . . . . . . . . . . . . . . . . . . . . 42 7.45. ipv6AddressValue . . . . . . . . . . . . . . . . . . . . 42
7.46. ipv4AddressSubnetMask . . . . . . . . . . . . . . . . . . 42 7.46. ipv4AddressSubnetMask . . . . . . . . . . . . . . . . . . 42
7.47. ipv4AddressSubnetMaskCidrNotation . . . . . . . . . . . . 42 7.47. ipv4AddressSubnetMaskCidrNotation . . . . . . . . . . . . 42
7.48. ipv4AddressValue . . . . . . . . . . . . . . . . . . . . 42 7.48. ipv4AddressValue . . . . . . . . . . . . . . . . . . . . 42
7.49. layer2InterfaceType . . . . . . . . . . . . . . . . . . . 42 7.49. layer2InterfaceType . . . . . . . . . . . . . . . . . . . 42
7.50. layer4PortAddress . . . . . . . . . . . . . . . . . . . . 42 7.50. layer4PortAddress . . . . . . . . . . . . . . . . . . . . 42
7.51. layer4Protocol . . . . . . . . . . . . . . . . . . . . . 43 7.51. layer4Protocol . . . . . . . . . . . . . . . . . . . . . 43
7.52. locationName . . . . . . . . . . . . . . . . . . . . . . 43 7.52. locationName . . . . . . . . . . . . . . . . . . . . . . 43
7.53. macAddressValue . . . . . . . . . . . . . . . . . . . . . 43 7.53. networkZoneLocation . . . . . . . . . . . . . . . . . . . 43
7.54. methodLabel . . . . . . . . . . . . . . . . . . . . . . . 43 7.54. layer2NetworkLocation . . . . . . . . . . . . . . . . . . 43
7.55. methodRepository . . . . . . . . . . . . . . . . . . . . 44 7.55. layer3NetworkLocation . . . . . . . . . . . . . . . . . . 44
7.56. networkAccessLevelType . . . . . . . . . . . . . . . . . 44 7.56. macAddressValue . . . . . . . . . . . . . . . . . . . . . 44
7.57. networkId . . . . . . . . . . . . . . . . . . . . . . . . 44 7.57. methodLabel . . . . . . . . . . . . . . . . . . . . . . . 44
7.58. networkInterfaceName . . . . . . . . . . . . . . . . . . 44 7.58. methodRepository . . . . . . . . . . . . . . . . . . . . 44
7.59. networkLayer . . . . . . . . . . . . . . . . . . . . . . 44 7.59. networkAccessLevelType . . . . . . . . . . . . . . . . . 44
7.60. networkName . . . . . . . . . . . . . . . . . . . . . . . 45 7.60. networkId . . . . . . . . . . . . . . . . . . . . . . . . 45
7.61. organizationId . . . . . . . . . . . . . . . . . . . . . 45 7.61. networkInterfaceName . . . . . . . . . . . . . . . . . . 45
7.62. osComponent . . . . . . . . . . . . . . . . . . . . . . . 45 7.62. networkLayer . . . . . . . . . . . . . . . . . . . . . . 45
7.63. osLabel . . . . . . . . . . . . . . . . . . . . . . . . . 45 7.63. networkName . . . . . . . . . . . . . . . . . . . . . . . 45
7.64. osName . . . . . . . . . . . . . . . . . . . . . . . . . 45 7.64. organizationId . . . . . . . . . . . . . . . . . . . . . 45
7.65. osType . . . . . . . . . . . . . . . . . . . . . . . . . 46 7.65. patchId . . . . . . . . . . . . . . . . . . . . . . . . . 46
7.66. osVersion . . . . . . . . . . . . . . . . . . . . . . . . 46 7.66. patchName . . . . . . . . . . . . . . . . . . . . . . . . 46
7.67. patchId . . . . . . . . . . . . . . . . . . . . . . . . . 46 7.67. personFirstName . . . . . . . . . . . . . . . . . . . . . 46
7.68. patchName . . . . . . . . . . . . . . . . . . . . . . . . 46 7.68. personLastName . . . . . . . . . . . . . . . . . . . . . 46
7.69. personFirstName . . . . . . . . . . . . . . . . . . . . . 46 7.69. personMiddleName . . . . . . . . . . . . . . . . . . . . 46
7.70. personLastName . . . . . . . . . . . . . . . . . . . . . 47 7.70. phoneNumber . . . . . . . . . . . . . . . . . . . . . . . 46
7.71. personMiddleName . . . . . . . . . . . . . . . . . . . . 47 7.71. phoneNumberType . . . . . . . . . . . . . . . . . . . . . 47
7.72. phoneNumber . . . . . . . . . . . . . . . . . . . . . . . 47 7.72. privilegeName . . . . . . . . . . . . . . . . . . . . . . 47
7.73. phoneNumberType . . . . . . . . . . . . . . . . . . . . . 47 7.73. privilegeValue . . . . . . . . . . . . . . . . . . . . . 47
7.74. privilegeName . . . . . . . . . . . . . . . . . . . . . . 47 7.74. protocol . . . . . . . . . . . . . . . . . . . . . . . . 47
7.75. privilegeValue . . . . . . . . . . . . . . . . . . . . . 48 7.75. publicKey . . . . . . . . . . . . . . . . . . . . . . . . 48
7.76. protocol . . . . . . . . . . . . . . . . . . . . . . . . 48 7.76. relationshipContentElementGuid . . . . . . . . . . . . . 48
7.77. publicKey . . . . . . . . . . . . . . . . . . . . . . . . 48 7.77. relationshipStatementElementGuid . . . . . . . . . . . . 48
7.78. relationshipContentElementGuid . . . . . . . . . . . . . 48 7.78. relationshipObjectLabel . . . . . . . . . . . . . . . . . 48
7.79. relationshipStatementElementGuid . . . . . . . . . . . . 48 7.79. relationshipType . . . . . . . . . . . . . . . . . . . . 48
7.80. relationshipObjectLabel . . . . . . . . . . . . . . . . . 49 7.80. roleName . . . . . . . . . . . . . . . . . . . . . . . . 49
7.81. relationshipType . . . . . . . . . . . . . . . . . . . . 49 7.81. sessionStateType . . . . . . . . . . . . . . . . . . . . 49
7.82. roleName . . . . . . . . . . . . . . . . . . . . . . . . 49 7.82. statementGuid . . . . . . . . . . . . . . . . . . . . . . 49
7.83. sessionStateType . . . . . . . . . . . . . . . . . . . . 49 7.83. statementType . . . . . . . . . . . . . . . . . . . . . . 49
7.84. statementGuid . . . . . . . . . . . . . . . . . . . . . . 50 7.84. status . . . . . . . . . . . . . . . . . . . . . . . . . 50
7.85. statementType . . . . . . . . . . . . . . . . . . . . . . 50 7.85. subAdministrativeDomain . . . . . . . . . . . . . . . . . 50
7.86. status . . . . . . . . . . . . . . . . . . . . . . . . . 50 7.86. subInterfaceLabel . . . . . . . . . . . . . . . . . . . . 50
7.87. subAdministrativeDomain . . . . . . . . . . . . . . . . . 50 7.87. superAdministrativeDomain . . . . . . . . . . . . . . . . 50
7.88. subInterfaceLabel . . . . . . . . . . . . . . . . . . . . 50 7.88. superInterfaceLabel . . . . . . . . . . . . . . . . . . . 51
7.89. superAdministrativeDomain . . . . . . . . . . . . . . . . 51 7.89. teAssessmentState . . . . . . . . . . . . . . . . . . . . 51
7.90. superInterfaceLabel . . . . . . . . . . . . . . . . . . . 51 7.90. teLabel . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.91. teAssessmentState . . . . . . . . . . . . . . . . . . . . 51 7.91. teId . . . . . . . . . . . . . . . . . . . . . . . . . . 51
7.92. teLabel . . . . . . . . . . . . . . . . . . . . . . . . . 51 7.92. timestampType . . . . . . . . . . . . . . . . . . . . . . 51
7.93. teId . . . . . . . . . . . . . . . . . . . . . . . . . . 52 7.93. unitsReceived . . . . . . . . . . . . . . . . . . . . . . 52
7.94. timestampType . . . . . . . . . . . . . . . . . . . . . . 52 7.94. unitsSent . . . . . . . . . . . . . . . . . . . . . . . . 52
7.95. unitsReceived . . . . . . . . . . . . . . . . . . . . . . 52 7.95. userDirectory . . . . . . . . . . . . . . . . . . . . . . 52
7.96. unitsSent . . . . . . . . . . . . . . . . . . . . . . . . 52 7.96. sacmUserId . . . . . . . . . . . . . . . . . . . . . . . 52
7.97. userDirectory . . . . . . . . . . . . . . . . . . . . . . 53 7.97. webSite . . . . . . . . . . . . . . . . . . . . . . . . . 53
7.98. sacmUserId . . . . . . . . . . . . . . . . . . . . . . . 53 7.98. WGS84Longitude . . . . . . . . . . . . . . . . . . . . . 53
7.99. webSite . . . . . . . . . . . . . . . . . . . . . . . . . 53 7.99. WGS84Latitude . . . . . . . . . . . . . . . . . . . . . . 53
7.100. WGS84Longitude . . . . . . . . . . . . . . . . . . . . . 53 7.100. WGS84Altitude . . . . . . . . . . . . . . . . . . . . . 53
7.101. WGS84Latitude . . . . . . . . . . . . . . . . . . . . . 54 7.101. hardwareSerialNumber . . . . . . . . . . . . . . . . . . 53
7.102. WGS84Altitude . . . . . . . . . . . . . . . . . . . . . 54 7.102. interfaceName . . . . . . . . . . . . . . . . . . . . . 54
7.103. hardwareSerialNumber . . . . . . . . . . . . . . . . . . 54 7.103. interfaceIndex . . . . . . . . . . . . . . . . . . . . . 54
7.104. interfaceName . . . . . . . . . . . . . . . . . . . . . 54 7.104. interfaceMacAddress . . . . . . . . . . . . . . . . . . 54
7.105. interfaceIndex . . . . . . . . . . . . . . . . . . . . . 54 7.105. interfaceType . . . . . . . . . . . . . . . . . . . . . 54
7.106. interfaceMacAddress . . . . . . . . . . . . . . . . . . 55 7.106. interfaceFlags . . . . . . . . . . . . . . . . . . . . . 54
7.107. interfaceType . . . . . . . . . . . . . . . . . . . . . 55 7.107. networkInterface . . . . . . . . . . . . . . . . . . . . 55
7.108. interfaceFlags . . . . . . . . . . . . . . . . . . . . . 55 7.108. softwareIdentifier . . . . . . . . . . . . . . . . . . . 55
7.109. networkInterface . . . . . . . . . . . . . . . . . . . . 56 7.109. softwareTitle . . . . . . . . . . . . . . . . . . . . . 55
7.110. softwareIdentifier . . . . . . . . . . . . . . . . . . . 56 7.110. softwareCreator . . . . . . . . . . . . . . . . . . . . 56
7.111. softwareTitle . . . . . . . . . . . . . . . . . . . . . 56 7.111. simpleSoftwareVersion . . . . . . . . . . . . . . . . . 56
7.112. softwareCreator . . . . . . . . . . . . . . . . . . . . 57 7.112. rpmSoftwareVersion . . . . . . . . . . . . . . . . . . . 56
7.113. simpleSoftwareVersion . . . . . . . . . . . . . . . . . 57 7.113. ciscoTrainSoftwareVersion . . . . . . . . . . . . . . . 56
7.114. rpmSoftwareVersion . . . . . . . . . . . . . . . . . . . 57 7.114. softwareVersion . . . . . . . . . . . . . . . . . . . . 56
7.115. ciscoTrainSoftwareVersion . . . . . . . . . . . . . . . 57 7.115. softwareLastUpdated . . . . . . . . . . . . . . . . . . 57
7.116. softwareVersion . . . . . . . . . . . . . . . . . . . . 57 7.116. softwareClass . . . . . . . . . . . . . . . . . . . . . 57
7.117. softwareLastUpdated . . . . . . . . . . . . . . . . . . 58 7.117. softwareInstance . . . . . . . . . . . . . . . . . . . . 58
7.118. softwareInstance . . . . . . . . . . . . . . . . . . . . 58 7.118. globallyUniqueIdentifier . . . . . . . . . . . . . . . . 58
7.119. globallyUniqueIdentifier . . . . . . . . . . . . . . . . 58 7.119. creationTimestamp . . . . . . . . . . . . . . . . . . . 58
7.120. creationTimestamp . . . . . . . . . . . . . . . . . . . 59 7.120. collectionTimestamp . . . . . . . . . . . . . . . . . . 58
7.121. collectionTimestamp . . . . . . . . . . . . . . . . . . 59 7.121. publicationTimestamp . . . . . . . . . . . . . . . . . . 58
7.122. publicationTimestamp . . . . . . . . . . . . . . . . . . 59 7.122. relayTimestamp . . . . . . . . . . . . . . . . . . . . . 59
7.123. relayTimestamp . . . . . . . . . . . . . . . . . . . . . 59 7.123. storageTimestamp . . . . . . . . . . . . . . . . . . . . 59
7.124. storageTimestamp . . . . . . . . . . . . . . . . . . . . 59 7.124. type . . . . . . . . . . . . . . . . . . . . . . . . . . 59
7.125. type . . . . . . . . . . . . . . . . . . . . . . . . . . 60 7.125. protocolIdentifier . . . . . . . . . . . . . . . . . . . 59
7.126. protocolIdentifier . . . . . . . . . . . . . . . . . . . 60 7.126. sourceTransportPort . . . . . . . . . . . . . . . . . . 60
7.127. sourceTransportPort . . . . . . . . . . . . . . . . . . 60 7.127. sourceIPv4PrefixLength . . . . . . . . . . . . . . . . . 60
7.128. sourceIPv4PrefixLength . . . . . . . . . . . . . . . . . 60 7.128. ingressInterface . . . . . . . . . . . . . . . . . . . . 60
7.129. ingressInterface . . . . . . . . . . . . . . . . . . . . 61 7.129. destinationTransportPort . . . . . . . . . . . . . . . . 61
7.130. destinationTransportPort . . . . . . . . . . . . . . . . 61 7.130. sourceIPv6PrefixLength . . . . . . . . . . . . . . . . . 61
7.131. sourceIPv6PrefixLength . . . . . . . . . . . . . . . . . 61 7.131. sourceIPv4Prefix . . . . . . . . . . . . . . . . . . . . 61
7.132. sourceIPv4Prefix . . . . . . . . . . . . . . . . . . . . 61 7.132. destinationIPv4Prefix . . . . . . . . . . . . . . . . . 61
7.133. destinationIPv4Prefix . . . . . . . . . . . . . . . . . 62 7.133. sourceMacAddress . . . . . . . . . . . . . . . . . . . . 62
7.134. sourceMacAddress . . . . . . . . . . . . . . . . . . . . 62 7.134. ipVersion . . . . . . . . . . . . . . . . . . . . . . . 62
7.135. ipVersion . . . . . . . . . . . . . . . . . . . . . . . 62 7.135. interfaceDescription . . . . . . . . . . . . . . . . . . 62
7.136. interfaceDescription . . . . . . . . . . . . . . . . . . 62 7.136. applicationDescription . . . . . . . . . . . . . . . . . 62
7.137. applicationDescription . . . . . . . . . . . . . . . . . 62 7.137. applicationId . . . . . . . . . . . . . . . . . . . . . 62
7.138. applicationId . . . . . . . . . . . . . . . . . . . . . 62 7.138. applicationName . . . . . . . . . . . . . . . . . . . . 63
7.139. applicationName . . . . . . . . . . . . . . . . . . . . 63 7.139. exporterIPv4Address . . . . . . . . . . . . . . . . . . 63
7.140. exporterIPv4Address . . . . . . . . . . . . . . . . . . 63 7.140. exporterIPv6Address . . . . . . . . . . . . . . . . . . 63
7.141. exporterIPv6Address . . . . . . . . . . . . . . . . . . 63 7.141. portId . . . . . . . . . . . . . . . . . . . . . . . . . 63
7.142. portId . . . . . . . . . . . . . . . . . . . . . . . . . 63 7.142. templateId . . . . . . . . . . . . . . . . . . . . . . . 63
7.143. templateId . . . . . . . . . . . . . . . . . . . . . . . 64 7.143. collectorIPv4Address . . . . . . . . . . . . . . . . . . 64
7.144. collectorIPv4Address . . . . . . . . . . . . . . . . . . 64 7.144. collectorIPv6Address . . . . . . . . . . . . . . . . . . 64
7.145. collectorIPv6Address . . . . . . . . . . . . . . . . . . 64 7.145. informationElementIndex . . . . . . . . . . . . . . . . 64
7.146. informationElementIndex . . . . . . . . . . . . . . . . 64 7.146. informationElementId . . . . . . . . . . . . . . . . . . 65
7.147. informationElementId . . . . . . . . . . . . . . . . . . 65 7.147. informationElementDataType . . . . . . . . . . . . . . . 65
7.148. informationElementDataType . . . . . . . . . . . . . . . 65 7.148. informationElementDescription . . . . . . . . . . . . . 65
7.149. informationElementDescription . . . . . . . . . . . . . 65 7.149. informationElementName . . . . . . . . . . . . . . . . . 66
7.150. informationElementName . . . . . . . . . . . . . . . . . 66 7.150. informationElementRangeBegin . . . . . . . . . . . . . . 66
7.151. informationElementRangeBegin . . . . . . . . . . . . . . 66 7.151. informationElementRangeEnd . . . . . . . . . . . . . . . 66
7.152. informationElementRangeEnd . . . . . . . . . . . . . . . 66 7.152. informationElementSemantics . . . . . . . . . . . . . . 67
7.153. informationElementSemantics . . . . . . . . . . . . . . 67 7.153. informationElementUnits . . . . . . . . . . . . . . . . 67
7.154. informationElementUnits . . . . . . . . . . . . . . . . 67 7.154. applicationCategoryName . . . . . . . . . . . . . . . . 68
7.155. applicationCategoryName . . . . . . . . . . . . . . . . 68 7.155. mibObjectValueInteger . . . . . . . . . . . . . . . . . 68
7.156. mibObjectValueInteger . . . . . . . . . . . . . . . . . 68 7.156. mibObjectValueOctetString . . . . . . . . . . . . . . . 69
7.157. mibObjectValueOctetString . . . . . . . . . . . . . . . 69 7.157. mibObjectValueOID . . . . . . . . . . . . . . . . . . . 69
7.158. mibObjectValueOID . . . . . . . . . . . . . . . . . . . 69 7.158. mibObjectValueBits . . . . . . . . . . . . . . . . . . . 69
7.159. mibObjectValueBits . . . . . . . . . . . . . . . . . . . 69 7.159. mibObjectValueIPAddress . . . . . . . . . . . . . . . . 70
7.160. mibObjectValueIPAddress . . . . . . . . . . . . . . . . 70 7.160. mibObjectValueCounter . . . . . . . . . . . . . . . . . 70
7.161. mibObjectValueCounter . . . . . . . . . . . . . . . . . 70 7.161. mibObjectValueGauge . . . . . . . . . . . . . . . . . . 71
7.162. mibObjectValueGauge . . . . . . . . . . . . . . . . . . 71 7.162. mibObjectValueTimeTicks . . . . . . . . . . . . . . . . 71
7.163. mibObjectValueTimeTicks . . . . . . . . . . . . . . . . 71 7.163. mibObjectValueUnsigned . . . . . . . . . . . . . . . . . 72
7.164. mibObjectValueUnsigned . . . . . . . . . . . . . . . . . 72 7.164. mibObjectValueTable . . . . . . . . . . . . . . . . . . 72
7.165. mibObjectValueTable . . . . . . . . . . . . . . . . . . 72 7.165. mibObjectValueRow . . . . . . . . . . . . . . . . . . . 72
7.166. mibObjectValueRow . . . . . . . . . . . . . . . . . . . 72 7.166. mibObjectIdentifier . . . . . . . . . . . . . . . . . . 73
7.167. mibObjectIdentifier . . . . . . . . . . . . . . . . . . 73 7.167. mibSubIdentifier . . . . . . . . . . . . . . . . . . . . 73
7.168. mibSubIdentifier . . . . . . . . . . . . . . . . . . . . 73 7.168. mibIndexIndicator . . . . . . . . . . . . . . . . . . . 73
7.169. mibIndexIndicator . . . . . . . . . . . . . . . . . . . 73 7.169. mibCaptureTimeSemantics . . . . . . . . . . . . . . . . 74
7.170. mibCaptureTimeSemantics . . . . . . . . . . . . . . . . 74 7.170. mibContextEngineID . . . . . . . . . . . . . . . . . . . 75
7.171. mibContextEngineID . . . . . . . . . . . . . . . . . . . 75 7.171. mibContextName . . . . . . . . . . . . . . . . . . . . . 76
7.172. mibContextName . . . . . . . . . . . . . . . . . . . . . 76 7.172. mibObjectName . . . . . . . . . . . . . . . . . . . . . 76
7.173. mibObjectName . . . . . . . . . . . . . . . . . . . . . 76 7.173. mibObjectDescription . . . . . . . . . . . . . . . . . . 76
7.174. mibObjectDescription . . . . . . . . . . . . . . . . . . 76 7.174. mibObjectSyntax . . . . . . . . . . . . . . . . . . . . 76
7.175. mibObjectSyntax . . . . . . . . . . . . . . . . . . . . 76 7.175. mibModuleName . . . . . . . . . . . . . . . . . . . . . 76
7.176. mibModuleName . . . . . . . . . . . . . . . . . . . . . 76 7.176. interface . . . . . . . . . . . . . . . . . . . . . . . 77
7.177. interface . . . . . . . . . . . . . . . . . . . . . . . 77 7.177. iflisteners . . . . . . . . . . . . . . . . . . . . . . 77
7.178. iflisteners . . . . . . . . . . . . . . . . . . . . . . 77 7.178. physicalProtocol . . . . . . . . . . . . . . . . . . . . 77
7.179. physicalProtocol . . . . . . . . . . . . . . . . . . . . 77 7.179. hwAddress . . . . . . . . . . . . . . . . . . . . . . . 78
7.180. hwAddress . . . . . . . . . . . . . . . . . . . . . . . 78 7.180. programName . . . . . . . . . . . . . . . . . . . . . . 79
7.181. programName . . . . . . . . . . . . . . . . . . . . . . 79 7.181. userId . . . . . . . . . . . . . . . . . . . . . . . . . 79
7.182. userId . . . . . . . . . . . . . . . . . . . . . . . . . 79 7.182. inetlisteningserver . . . . . . . . . . . . . . . . . . 79
7.183. inetlisteningserver . . . . . . . . . . . . . . . . . . 79 7.183. transportProtocol . . . . . . . . . . . . . . . . . . . 79
7.184. transportProtocol . . . . . . . . . . . . . . . . . . . 79 7.184. localAddress . . . . . . . . . . . . . . . . . . . . . . 79
7.185. localAddress . . . . . . . . . . . . . . . . . . . . . . 79 7.185. localPort . . . . . . . . . . . . . . . . . . . . . . . 80
7.186. localPort . . . . . . . . . . . . . . . . . . . . . . . 80 7.186. localFullAddress . . . . . . . . . . . . . . . . . . . . 80
7.187. localFullAddress . . . . . . . . . . . . . . . . . . . . 80 7.187. foreignAddress . . . . . . . . . . . . . . . . . . . . . 80
7.188. foreignAddress . . . . . . . . . . . . . . . . . . . . . 80 7.188. foreignFullAddress . . . . . . . . . . . . . . . . . . . 80
7.189. foreignFullAddress . . . . . . . . . . . . . . . . . . . 80 7.189. selinuxboolean . . . . . . . . . . . . . . . . . . . . . 80
7.190. selinuxboolean . . . . . . . . . . . . . . . . . . . . . 80 7.190. selinuxName . . . . . . . . . . . . . . . . . . . . . . 81
7.191. selinuxName . . . . . . . . . . . . . . . . . . . . . . 81 7.191. currentStatus . . . . . . . . . . . . . . . . . . . . . 81
7.192. currentStatus . . . . . . . . . . . . . . . . . . . . . 81 7.192. pendingStatus . . . . . . . . . . . . . . . . . . . . . 81
7.193. pendingStatus . . . . . . . . . . . . . . . . . . . . . 81 7.193. selinuxsecuritycontext . . . . . . . . . . . . . . . . . 81
7.194. selinuxsecuritycontext . . . . . . . . . . . . . . . . . 81 7.194. filepath . . . . . . . . . . . . . . . . . . . . . . . . 82
7.195. filepath . . . . . . . . . . . . . . . . . . . . . . . . 82 7.195. path . . . . . . . . . . . . . . . . . . . . . . . . . . 82
7.196. path . . . . . . . . . . . . . . . . . . . . . . . . . . 82 7.196. filename . . . . . . . . . . . . . . . . . . . . . . . . 82
7.197. filename . . . . . . . . . . . . . . . . . . . . . . . . 82 7.197. pid . . . . . . . . . . . . . . . . . . . . . . . . . . 82
7.198. pid . . . . . . . . . . . . . . . . . . . . . . . . . . 82 7.198. role . . . . . . . . . . . . . . . . . . . . . . . . . . 82
7.199. role . . . . . . . . . . . . . . . . . . . . . . . . . . 82 7.199. domainType . . . . . . . . . . . . . . . . . . . . . . . 83
7.200. domainType . . . . . . . . . . . . . . . . . . . . . . . 83 7.200. lowSensitivity . . . . . . . . . . . . . . . . . . . . . 83
7.201. lowSensitivity . . . . . . . . . . . . . . . . . . . . . 83 7.201. lowCategory . . . . . . . . . . . . . . . . . . . . . . 83
7.202. lowCategory . . . . . . . . . . . . . . . . . . . . . . 83 7.202. highSensitivity . . . . . . . . . . . . . . . . . . . . 83
7.203. highSensitivity . . . . . . . . . . . . . . . . . . . . 83 7.203. highCategory . . . . . . . . . . . . . . . . . . . . . . 83
7.204. highCategory . . . . . . . . . . . . . . . . . . . . . . 83 7.204. rawlowSensitivity . . . . . . . . . . . . . . . . . . . 84
7.205. rawlowSensitivity . . . . . . . . . . . . . . . . . . . 84 7.205. rawlowCategory . . . . . . . . . . . . . . . . . . . . . 84
7.206. rawlowCategory . . . . . . . . . . . . . . . . . . . . . 84 7.206. rawhighSensitivity . . . . . . . . . . . . . . . . . . . 84
7.207. rawhighSensitivity . . . . . . . . . . . . . . . . . . . 84 7.207. rawhighCategory . . . . . . . . . . . . . . . . . . . . 84
7.208. rawhighCategory . . . . . . . . . . . . . . . . . . . . 84 7.208. systemdunitdependency . . . . . . . . . . . . . . . . . 84
7.209. systemdunitdependency . . . . . . . . . . . . . . . . . 84 7.209. unit . . . . . . . . . . . . . . . . . . . . . . . . . . 85
7.210. unit . . . . . . . . . . . . . . . . . . . . . . . . . . 85 7.210. dependency . . . . . . . . . . . . . . . . . . . . . . . 85
7.211. dependency . . . . . . . . . . . . . . . . . . . . . . . 85 7.211. systemdunitproperty . . . . . . . . . . . . . . . . . . 85
7.212. systemdunitproperty . . . . . . . . . . . . . . . . . . 85 7.212. property . . . . . . . . . . . . . . . . . . . . . . . . 85
7.213. property . . . . . . . . . . . . . . . . . . . . . . . . 85 7.213. systemdunitValue . . . . . . . . . . . . . . . . . . . . 85
7.214. systemdunitValue . . . . . . . . . . . . . . . . . . . . 85 7.214. file . . . . . . . . . . . . . . . . . . . . . . . . . . 86
7.215. file . . . . . . . . . . . . . . . . . . . . . . . . . . 86 7.215. fileType . . . . . . . . . . . . . . . . . . . . . . . . 86
7.216. fileType . . . . . . . . . . . . . . . . . . . . . . . . 86 7.216. groupId . . . . . . . . . . . . . . . . . . . . . . . . 86
7.217. groupId . . . . . . . . . . . . . . . . . . . . . . . . 86 7.217. aTime . . . . . . . . . . . . . . . . . . . . . . . . . 86
7.218. aTime . . . . . . . . . . . . . . . . . . . . . . . . . 86 7.218. cTime . . . . . . . . . . . . . . . . . . . . . . . . . 86
7.219. cTime . . . . . . . . . . . . . . . . . . . . . . . . . 86 7.219. mTime . . . . . . . . . . . . . . . . . . . . . . . . . 87
7.220. mTime . . . . . . . . . . . . . . . . . . . . . . . . . 87 7.220. size . . . . . . . . . . . . . . . . . . . . . . . . . . 87
7.221. size . . . . . . . . . . . . . . . . . . . . . . . . . . 87 7.221. suid . . . . . . . . . . . . . . . . . . . . . . . . . . 87
7.222. suid . . . . . . . . . . . . . . . . . . . . . . . . . . 87 7.222. sgid . . . . . . . . . . . . . . . . . . . . . . . . . . 87
7.223. sgid . . . . . . . . . . . . . . . . . . . . . . . . . . 87 7.223. sticky . . . . . . . . . . . . . . . . . . . . . . . . . 87
7.224. sticky . . . . . . . . . . . . . . . . . . . . . . . . . 87 7.224. hasExtendedAcl . . . . . . . . . . . . . . . . . . . . . 88
7.225. hasExtendedAcl . . . . . . . . . . . . . . . . . . . . . 88 7.225. inetd . . . . . . . . . . . . . . . . . . . . . . . . . 88
7.226. inetd . . . . . . . . . . . . . . . . . . . . . . . . . 88 7.226. serverProgram . . . . . . . . . . . . . . . . . . . . . 88
7.227. serverProgram . . . . . . . . . . . . . . . . . . . . . 88 7.227. endpointType . . . . . . . . . . . . . . . . . . . . . . 88
7.228. endpointType . . . . . . . . . . . . . . . . . . . . . . 88 7.228. execAsUser . . . . . . . . . . . . . . . . . . . . . . . 89
7.229. execAsUser . . . . . . . . . . . . . . . . . . . . . . . 89 7.229. waitStatus . . . . . . . . . . . . . . . . . . . . . . . 89
7.230. waitStatus . . . . . . . . . . . . . . . . . . . . . . . 89 7.230. inetAddr . . . . . . . . . . . . . . . . . . . . . . . . 90
7.231. inetAddr . . . . . . . . . . . . . . . . . . . . . . . . 90 7.231. netmask . . . . . . . . . . . . . . . . . . . . . . . . 90
7.232. netmask . . . . . . . . . . . . . . . . . . . . . . . . 90 7.232. passwordInfo . . . . . . . . . . . . . . . . . . . . . . 90
7.233. passwordInfo . . . . . . . . . . . . . . . . . . . . . . 90 7.233. username . . . . . . . . . . . . . . . . . . . . . . . . 91
7.234. username . . . . . . . . . . . . . . . . . . . . . . . . 91 7.234. password . . . . . . . . . . . . . . . . . . . . . . . . 91
7.235. password . . . . . . . . . . . . . . . . . . . . . . . . 91 7.235. gcos . . . . . . . . . . . . . . . . . . . . . . . . . . 91
7.236. gcos . . . . . . . . . . . . . . . . . . . . . . . . . . 91 7.236. homeDir . . . . . . . . . . . . . . . . . . . . . . . . 91
7.237. homeDir . . . . . . . . . . . . . . . . . . . . . . . . 91 7.237. loginShell . . . . . . . . . . . . . . . . . . . . . . . 91
7.238. loginShell . . . . . . . . . . . . . . . . . . . . . . . 91 7.238. lastLogin . . . . . . . . . . . . . . . . . . . . . . . 92
7.239. lastLogin . . . . . . . . . . . . . . . . . . . . . . . 92 7.239. process . . . . . . . . . . . . . . . . . . . . . . . . 92
7.240. process . . . . . . . . . . . . . . . . . . . . . . . . 92 7.240. commandLine . . . . . . . . . . . . . . . . . . . . . . 92
7.241. commandLine . . . . . . . . . . . . . . . . . . . . . . 92 7.241. ppid . . . . . . . . . . . . . . . . . . . . . . . . . . 92
7.242. ppid . . . . . . . . . . . . . . . . . . . . . . . . . . 92 7.242. priority . . . . . . . . . . . . . . . . . . . . . . . . 93
7.243. priority . . . . . . . . . . . . . . . . . . . . . . . . 93 7.243. startTime . . . . . . . . . . . . . . . . . . . . . . . 93
7.244. startTime . . . . . . . . . . . . . . . . . . . . . . . 93 7.244. routingtable . . . . . . . . . . . . . . . . . . . . . . 93
7.245. routingtable . . . . . . . . . . . . . . . . . . . . . . 93 7.245. destination . . . . . . . . . . . . . . . . . . . . . . 93
7.246. destination . . . . . . . . . . . . . . . . . . . . . . 93 7.246. gateway . . . . . . . . . . . . . . . . . . . . . . . . 93
7.247. gateway . . . . . . . . . . . . . . . . . . . . . . . . 93 7.247. runlevelInfo . . . . . . . . . . . . . . . . . . . . . . 94
7.248. runlevelInfo . . . . . . . . . . . . . . . . . . . . . . 94 7.248. runlevel . . . . . . . . . . . . . . . . . . . . . . . . 94
7.249. runlevel . . . . . . . . . . . . . . . . . . . . . . . . 94 7.249. start . . . . . . . . . . . . . . . . . . . . . . . . . 94
7.250. start . . . . . . . . . . . . . . . . . . . . . . . . . 94 7.250. kill . . . . . . . . . . . . . . . . . . . . . . . . . . 94
7.251. kill . . . . . . . . . . . . . . . . . . . . . . . . . . 94 7.251. shadowItem . . . . . . . . . . . . . . . . . . . . . . . 94
7.252. shadowItem . . . . . . . . . . . . . . . . . . . . . . . 94 7.252. chgLst . . . . . . . . . . . . . . . . . . . . . . . . . 95
7.253. chgLst . . . . . . . . . . . . . . . . . . . . . . . . . 95 7.253. chgAllow . . . . . . . . . . . . . . . . . . . . . . . . 95
7.254. chgAllow . . . . . . . . . . . . . . . . . . . . . . . . 95 7.254. chgReq . . . . . . . . . . . . . . . . . . . . . . . . . 95
7.255. chgReq . . . . . . . . . . . . . . . . . . . . . . . . . 95 7.255. expWarn . . . . . . . . . . . . . . . . . . . . . . . . 95
7.256. expWarn . . . . . . . . . . . . . . . . . . . . . . . . 95 7.256. expInact . . . . . . . . . . . . . . . . . . . . . . . . 95
7.257. expInact . . . . . . . . . . . . . . . . . . . . . . . . 95 7.257. expDate . . . . . . . . . . . . . . . . . . . . . . . . 96
7.258. expDate . . . . . . . . . . . . . . . . . . . . . . . . 96 7.258. encryptMethod . . . . . . . . . . . . . . . . . . . . . 96
7.259. encryptMethod . . . . . . . . . . . . . . . . . . . . . 96 7.259. symlink . . . . . . . . . . . . . . . . . . . . . . . . 96
7.260. symlink . . . . . . . . . . . . . . . . . . . . . . . . 96 7.260. symlinkFilepath . . . . . . . . . . . . . . . . . . . . 96
7.261. symlinkFilepath . . . . . . . . . . . . . . . . . . . . 96 7.261. canonicalPath . . . . . . . . . . . . . . . . . . . . . 97
7.262. canonicalPath . . . . . . . . . . . . . . . . . . . . . 97 7.262. sysctl . . . . . . . . . . . . . . . . . . . . . . . . . 97
7.263. sysctl . . . . . . . . . . . . . . . . . . . . . . . . . 97 7.263. kernelParameterName . . . . . . . . . . . . . . . . . . 97
7.264. kernelParameterName . . . . . . . . . . . . . . . . . . 97 7.264. kernelParameterValue . . . . . . . . . . . . . . . . . . 97
7.265. kernelParameterValue . . . . . . . . . . . . . . . . . . 97 7.265. uname . . . . . . . . . . . . . . . . . . . . . . . . . 98
7.266. uname . . . . . . . . . . . . . . . . . . . . . . . . . 98 7.266. machineClass . . . . . . . . . . . . . . . . . . . . . . 98
7.267. machineClass . . . . . . . . . . . . . . . . . . . . . . 98 7.267. nodeName . . . . . . . . . . . . . . . . . . . . . . . . 98
7.268. nodeName . . . . . . . . . . . . . . . . . . . . . . . . 98 7.268. osName . . . . . . . . . . . . . . . . . . . . . . . . . 98
7.269. osName . . . . . . . . . . . . . . . . . . . . . . . . . 98 7.269. osRelease . . . . . . . . . . . . . . . . . . . . . . . 98
7.270. osRelease . . . . . . . . . . . . . . . . . . . . . . . 98 7.270. processorType . . . . . . . . . . . . . . . . . . . . . 99
7.271. processorType . . . . . . . . . . . . . . . . . . . . . 99 7.271. internetService . . . . . . . . . . . . . . . . . . . . 99
7.272. internetService . . . . . . . . . . . . . . . . . . . . 99 7.272. serviceProtocol . . . . . . . . . . . . . . . . . . . . 99
7.273. serviceProtocol . . . . . . . . . . . . . . . . . . . . 99 7.273. serviceName . . . . . . . . . . . . . . . . . . . . . . 99
7.274. serviceName . . . . . . . . . . . . . . . . . . . . . . 99 7.274. flags . . . . . . . . . . . . . . . . . . . . . . . . . 99
7.275. flags . . . . . . . . . . . . . . . . . . . . . . . . . 99 7.275. noAccess . . . . . . . . . . . . . . . . . . . . . . . . 100
7.276. noAccess . . . . . . . . . . . . . . . . . . . . . . . . 100 7.276. onlyFrom . . . . . . . . . . . . . . . . . . . . . . . . 100
7.277. onlyFrom . . . . . . . . . . . . . . . . . . . . . . . . 100 7.277. port . . . . . . . . . . . . . . . . . . . . . . . . . . 100
7.278. port . . . . . . . . . . . . . . . . . . . . . . . . . . 100 7.278. server . . . . . . . . . . . . . . . . . . . . . . . . . 100
7.279. server . . . . . . . . . . . . . . . . . . . . . . . . . 100 7.279. serverArguments . . . . . . . . . . . . . . . . . . . . 100
7.280. serverArguments . . . . . . . . . . . . . . . . . . . . 100 7.280. socketType . . . . . . . . . . . . . . . . . . . . . . . 101
7.281. socketType . . . . . . . . . . . . . . . . . . . . . . . 101 7.281. registeredServiceType . . . . . . . . . . . . . . . . . 101
7.282. registeredServiceType . . . . . . . . . . . . . . . . . 101 7.282. wait . . . . . . . . . . . . . . . . . . . . . . . . . . 101
7.283. wait . . . . . . . . . . . . . . . . . . . . . . . . . . 101 7.283. disabled . . . . . . . . . . . . . . . . . . . . . . . . 102
7.284. disabled . . . . . . . . . . . . . . . . . . . . . . . . 102 7.284. windowsView . . . . . . . . . . . . . . . . . . . . . . 102
7.285. windowsView . . . . . . . . . . . . . . . . . . . . . . 102 7.285. fileauditedpermissions . . . . . . . . . . . . . . . . . 102
7.286. fileauditedpermissions . . . . . . . . . . . . . . . . . 102 7.286. trusteeName . . . . . . . . . . . . . . . . . . . . . . 103
7.287. trusteeName . . . . . . . . . . . . . . . . . . . . . . 103 7.287. auditStandardDelete . . . . . . . . . . . . . . . . . . 103
7.288. auditStandardDelete . . . . . . . . . . . . . . . . . . 103 7.288. auditStandardReadControl . . . . . . . . . . . . . . . . 103
7.289. auditStandardReadControl . . . . . . . . . . . . . . . . 103 7.289. auditStandardWriteDac . . . . . . . . . . . . . . . . . 104
7.290. auditStandardWriteDac . . . . . . . . . . . . . . . . . 104 7.290. auditStandardWriteOwner . . . . . . . . . . . . . . . . 104
7.291. auditStandardWriteOwner . . . . . . . . . . . . . . . . 104 7.291. auditStandardSynchronize . . . . . . . . . . . . . . . . 105
7.292. auditStandardSynchronize . . . . . . . . . . . . . . . . 105 7.292. auditAccessSystemSecurity . . . . . . . . . . . . . . . 105
7.293. auditAccessSystemSecurity . . . . . . . . . . . . . . . 105 7.293. auditGenericRead . . . . . . . . . . . . . . . . . . . . 106
7.294. auditGenericRead . . . . . . . . . . . . . . . . . . . . 106 7.294. auditGenericWrite . . . . . . . . . . . . . . . . . . . 106
7.295. auditGenericWrite . . . . . . . . . . . . . . . . . . . 106 7.295. auditGenericExecute . . . . . . . . . . . . . . . . . . 107
7.296. auditGenericExecute . . . . . . . . . . . . . . . . . . 107 7.296. auditGenericAll . . . . . . . . . . . . . . . . . . . . 107
7.297. auditGenericAll . . . . . . . . . . . . . . . . . . . . 107 7.297. auditFileReadData . . . . . . . . . . . . . . . . . . . 108
7.298. auditFileReadData . . . . . . . . . . . . . . . . . . . 108 7.298. auditFileWriteData . . . . . . . . . . . . . . . . . . . 108
7.299. auditFileWriteData . . . . . . . . . . . . . . . . . . . 108 7.299. auditFileAppendData . . . . . . . . . . . . . . . . . . 109
7.300. auditFileAppendData . . . . . . . . . . . . . . . . . . 109 7.300. auditFileReadEa . . . . . . . . . . . . . . . . . . . . 109
7.301. auditFileReadEa . . . . . . . . . . . . . . . . . . . . 109 7.301. auditFileWriteEa . . . . . . . . . . . . . . . . . . . . 110
7.302. auditFileWriteEa . . . . . . . . . . . . . . . . . . . . 110 7.302. auditFileExecute . . . . . . . . . . . . . . . . . . . . 110
7.303. auditFileExecute . . . . . . . . . . . . . . . . . . . . 110 7.303. auditFileDeleteChild . . . . . . . . . . . . . . . . . . 111
7.304. auditFileDeleteChild . . . . . . . . . . . . . . . . . . 111 7.304. auditFileReadAttributes . . . . . . . . . . . . . . . . 111
7.305. auditFileReadAttributes . . . . . . . . . . . . . . . . 111 7.305. auditFileWriteAttributes . . . . . . . . . . . . . . . . 112
7.306. auditFileWriteAttributes . . . . . . . . . . . . . . . . 112 7.306. fileeffectiverights . . . . . . . . . . . . . . . . . . 112
7.307. fileeffectiverights . . . . . . . . . . . . . . . . . . 112 7.307. standardDelete . . . . . . . . . . . . . . . . . . . . . 113
7.308. standardDelete . . . . . . . . . . . . . . . . . . . . . 113 7.308. standardReadControl . . . . . . . . . . . . . . . . . . 113
7.309. standardReadControl . . . . . . . . . . . . . . . . . . 113 7.309. standardWriteDac . . . . . . . . . . . . . . . . . . . . 113
7.310. standardWriteDac . . . . . . . . . . . . . . . . . . . . 113 7.310. standardWriteOwner . . . . . . . . . . . . . . . . . . . 114
7.311. standardWriteOwner . . . . . . . . . . . . . . . . . . . 114 7.311. standardSynchronize . . . . . . . . . . . . . . . . . . 114
7.312. standardSynchronize . . . . . . . . . . . . . . . . . . 114 7.312. accessSystemSecurity . . . . . . . . . . . . . . . . . . 114
7.313. accessSystemSecurity . . . . . . . . . . . . . . . . . . 114 7.313. genericRead . . . . . . . . . . . . . . . . . . . . . . 114
7.314. genericRead . . . . . . . . . . . . . . . . . . . . . . 114 7.314. genericWrite . . . . . . . . . . . . . . . . . . . . . . 114
7.315. genericWrite . . . . . . . . . . . . . . . . . . . . . . 114 7.315. genericExecute . . . . . . . . . . . . . . . . . . . . . 115
7.316. genericExecute . . . . . . . . . . . . . . . . . . . . . 115 7.316. genericAll . . . . . . . . . . . . . . . . . . . . . . . 115
7.317. genericAll . . . . . . . . . . . . . . . . . . . . . . . 115 7.317. fileReadData . . . . . . . . . . . . . . . . . . . . . . 115
7.318. fileReadData . . . . . . . . . . . . . . . . . . . . . . 115 7.318. fileWriteData . . . . . . . . . . . . . . . . . . . . . 115
7.319. fileWriteData . . . . . . . . . . . . . . . . . . . . . 115 7.319. fileAppendData . . . . . . . . . . . . . . . . . . . . . 115
7.320. fileAppendData . . . . . . . . . . . . . . . . . . . . . 115 7.320. fileReadEa . . . . . . . . . . . . . . . . . . . . . . . 116
7.321. fileReadEa . . . . . . . . . . . . . . . . . . . . . . . 116 7.321. fileWriteEa . . . . . . . . . . . . . . . . . . . . . . 116
7.322. fileWriteEa . . . . . . . . . . . . . . . . . . . . . . 116 7.322. fileExecute . . . . . . . . . . . . . . . . . . . . . . 116
7.323. fileExecute . . . . . . . . . . . . . . . . . . . . . . 116 7.323. fileDeleteChild . . . . . . . . . . . . . . . . . . . . 116
7.324. fileDeleteChild . . . . . . . . . . . . . . . . . . . . 116 7.324. fileReadAttributes . . . . . . . . . . . . . . . . . . . 116
7.325. fileReadAttributes . . . . . . . . . . . . . . . . . . . 116 7.325. fileWriteAttributes . . . . . . . . . . . . . . . . . . 117
7.326. fileWriteAttributes . . . . . . . . . . . . . . . . . . 117 7.326. groupInfo . . . . . . . . . . . . . . . . . . . . . . . 117
7.327. groupInfo . . . . . . . . . . . . . . . . . . . . . . . 117 7.327. group . . . . . . . . . . . . . . . . . . . . . . . . . 117
7.328. group . . . . . . . . . . . . . . . . . . . . . . . . . 117 7.328. subgroup . . . . . . . . . . . . . . . . . . . . . . . . 117
7.329. subgroup . . . . . . . . . . . . . . . . . . . . . . . . 117 7.329. groupSidInfo . . . . . . . . . . . . . . . . . . . . . . 117
7.330. groupSidInfo . . . . . . . . . . . . . . . . . . . . . . 117 7.330. userSidInfo . . . . . . . . . . . . . . . . . . . . . . 118
7.331. userSidInfo . . . . . . . . . . . . . . . . . . . . . . 118 7.331. userSid . . . . . . . . . . . . . . . . . . . . . . . . 118
7.332. userSid . . . . . . . . . . . . . . . . . . . . . . . . 118 7.332. subgroupSid . . . . . . . . . . . . . . . . . . . . . . 118
7.333. subgroupSid . . . . . . . . . . . . . . . . . . . . . . 118 7.333. lockoutpolicy . . . . . . . . . . . . . . . . . . . . . 118
7.334. lockoutpolicy . . . . . . . . . . . . . . . . . . . . . 118 7.334. forceLogoff . . . . . . . . . . . . . . . . . . . . . . 118
7.335. forceLogoff . . . . . . . . . . . . . . . . . . . . . . 118 7.335. lockoutDuration . . . . . . . . . . . . . . . . . . . . 119
7.336. lockoutDuration . . . . . . . . . . . . . . . . . . . . 119 7.336. lockoutObservationWindow . . . . . . . . . . . . . . . . 119
7.337. lockoutObservationWindow . . . . . . . . . . . . . . . . 119 7.337. lockoutThreshold . . . . . . . . . . . . . . . . . . . . 119
7.338. lockoutThreshold . . . . . . . . . . . . . . . . . . . . 119 7.338. passwordpolicy . . . . . . . . . . . . . . . . . . . . . 119
7.339. passwordpolicy . . . . . . . . . . . . . . . . . . . . . 119 7.339. maxPasswdAge . . . . . . . . . . . . . . . . . . . . . . 120
7.340. maxPasswdAge . . . . . . . . . . . . . . . . . . . . . . 120 7.340. minPasswdAge . . . . . . . . . . . . . . . . . . . . . . 120
7.341. minPasswdAge . . . . . . . . . . . . . . . . . . . . . . 120 7.341. minPasswdLen . . . . . . . . . . . . . . . . . . . . . . 120
7.342. minPasswdLen . . . . . . . . . . . . . . . . . . . . . . 120 7.342. passwordHistLen . . . . . . . . . . . . . . . . . . . . 121
7.343. passwordHistLen . . . . . . . . . . . . . . . . . . . . 121 7.343. passwordComplexity . . . . . . . . . . . . . . . . . . . 121
7.344. passwordComplexity . . . . . . . . . . . . . . . . . . . 121 7.344. reversibleEncryption . . . . . . . . . . . . . . . . . . 121
7.345. reversibleEncryption . . . . . . . . . . . . . . . . . . 121 7.345. portInfo . . . . . . . . . . . . . . . . . . . . . . . . 121
7.346. portInfo . . . . . . . . . . . . . . . . . . . . . . . . 121 7.346. foreignPort . . . . . . . . . . . . . . . . . . . . . . 121
7.347. foreignPort . . . . . . . . . . . . . . . . . . . . . . 121 7.347. printereffectiverights . . . . . . . . . . . . . . . . . 122
7.348. printereffectiverights . . . . . . . . . . . . . . . . . 122 7.348. printerName . . . . . . . . . . . . . . . . . . . . . . 122
7.349. printerName . . . . . . . . . . . . . . . . . . . . . . 122 7.349. printerAccessAdminister . . . . . . . . . . . . . . . . 122
7.350. printerAccessAdminister . . . . . . . . . . . . . . . . 122 7.350. printerAccessUse . . . . . . . . . . . . . . . . . . . . 122
7.351. printerAccessUse . . . . . . . . . . . . . . . . . . . . 122 7.351. jobAccessAdminister . . . . . . . . . . . . . . . . . . 122
7.352. jobAccessAdminister . . . . . . . . . . . . . . . . . . 122 7.352. jobAccessRead . . . . . . . . . . . . . . . . . . . . . 123
7.353. jobAccessRead . . . . . . . . . . . . . . . . . . . . . 123 7.353. registry . . . . . . . . . . . . . . . . . . . . . . . . 123
7.354. registry . . . . . . . . . . . . . . . . . . . . . . . . 123 7.354. registryHive . . . . . . . . . . . . . . . . . . . . . . 123
7.355. registryHive . . . . . . . . . . . . . . . . . . . . . . 123 7.355. registryKey . . . . . . . . . . . . . . . . . . . . . . 124
7.356. registryKey . . . . . . . . . . . . . . . . . . . . . . 124 7.356. registryKeyName . . . . . . . . . . . . . . . . . . . . 124
7.357. registryKeyName . . . . . . . . . . . . . . . . . . . . 124 7.357. lastWriteTime . . . . . . . . . . . . . . . . . . . . . 124
7.358. lastWriteTime . . . . . . . . . . . . . . . . . . . . . 124 7.358. registryKeyType . . . . . . . . . . . . . . . . . . . . 125
7.359. registryKeyType . . . . . . . . . . . . . . . . . . . . 125 7.359. registryKeyValue . . . . . . . . . . . . . . . . . . . . 126
7.360. registryKeyValue . . . . . . . . . . . . . . . . . . . . 126 7.360. regkeyauditedpermissions . . . . . . . . . . . . . . . . 127
7.361. regkeyauditedpermissions . . . . . . . . . . . . . . . . 127 7.361. auditKeyQueryValue . . . . . . . . . . . . . . . . . . . 128
7.362. auditKeyQueryValue . . . . . . . . . . . . . . . . . . . 128 7.362. auditKeySetValue . . . . . . . . . . . . . . . . . . . . 128
7.363. auditKeySetValue . . . . . . . . . . . . . . . . . . . . 128 7.363. auditKeyCreateSubKey . . . . . . . . . . . . . . . . . . 129
7.364. auditKeyCreateSubKey . . . . . . . . . . . . . . . . . . 129 7.364. auditKeyEnumerateSubKeys . . . . . . . . . . . . . . . . 129
7.365. auditKeyEnumerateSubKeys . . . . . . . . . . . . . . . . 129 7.365. auditKeyNotify . . . . . . . . . . . . . . . . . . . . . 130
7.366. auditKeyNotify . . . . . . . . . . . . . . . . . . . . . 130 7.366. auditKeyCreateLink . . . . . . . . . . . . . . . . . . . 130
7.367. auditKeyCreateLink . . . . . . . . . . . . . . . . . . . 130 7.367. auditKeyWow6464Key . . . . . . . . . . . . . . . . . . . 131
7.368. auditKeyWow6464Key . . . . . . . . . . . . . . . . . . . 131 7.368. auditKeyWow6432Key . . . . . . . . . . . . . . . . . . . 131
7.369. auditKeyWow6432Key . . . . . . . . . . . . . . . . . . . 131 7.369. auditKeyWow64Res . . . . . . . . . . . . . . . . . . . . 132
7.370. auditKeyWow64Res . . . . . . . . . . . . . . . . . . . . 132 7.370. regkeyeffectiverights . . . . . . . . . . . . . . . . . 132
7.371. regkeyeffectiverights . . . . . . . . . . . . . . . . . 132 7.371. keyQueryValue . . . . . . . . . . . . . . . . . . . . . 133
7.372. keyQueryValue . . . . . . . . . . . . . . . . . . . . . 133 7.372. keySetValue . . . . . . . . . . . . . . . . . . . . . . 133
7.373. keySetValue . . . . . . . . . . . . . . . . . . . . . . 133 7.373. keyCreateSubKey . . . . . . . . . . . . . . . . . . . . 133
7.374. keyCreateSubKey . . . . . . . . . . . . . . . . . . . . 133 7.374. keyEnumerateSubKeys . . . . . . . . . . . . . . . . . . 134
7.375. keyEnumerateSubKeys . . . . . . . . . . . . . . . . . . 134 7.375. keyNotify . . . . . . . . . . . . . . . . . . . . . . . 134
7.376. keyNotify . . . . . . . . . . . . . . . . . . . . . . . 134 7.376. keyCreateLink . . . . . . . . . . . . . . . . . . . . . 134
7.377. keyCreateLink . . . . . . . . . . . . . . . . . . . . . 134 7.377. keyWow6464Key . . . . . . . . . . . . . . . . . . . . . 134
7.378. keyWow6464Key . . . . . . . . . . . . . . . . . . . . . 134 7.378. keyWow6432Key . . . . . . . . . . . . . . . . . . . . . 134
7.379. keyWow6432Key . . . . . . . . . . . . . . . . . . . . . 134 7.379. keyWow64Res . . . . . . . . . . . . . . . . . . . . . . 134
7.380. keyWow64Res . . . . . . . . . . . . . . . . . . . . . . 134 7.380. service . . . . . . . . . . . . . . . . . . . . . . . . 135
7.381. service . . . . . . . . . . . . . . . . . . . . . . . . 135 7.381. displayName . . . . . . . . . . . . . . . . . . . . . . 135
7.382. displayName . . . . . . . . . . . . . . . . . . . . . . 135 7.382. description . . . . . . . . . . . . . . . . . . . . . . 135
7.383. description . . . . . . . . . . . . . . . . . . . . . . 135 7.383. serviceType . . . . . . . . . . . . . . . . . . . . . . 135
7.384. serviceType . . . . . . . . . . . . . . . . . . . . . . 135 7.384. startType . . . . . . . . . . . . . . . . . . . . . . . 136
7.385. startType . . . . . . . . . . . . . . . . . . . . . . . 136 7.385. currentState . . . . . . . . . . . . . . . . . . . . . . 137
7.386. currentState . . . . . . . . . . . . . . . . . . . . . . 137 7.386. controlsAccepted . . . . . . . . . . . . . . . . . . . . 138
7.387. controlsAccepted . . . . . . . . . . . . . . . . . . . . 138 7.387. startName . . . . . . . . . . . . . . . . . . . . . . . 140
7.388. startName . . . . . . . . . . . . . . . . . . . . . . . 140 7.388. serviceFlag . . . . . . . . . . . . . . . . . . . . . . 140
7.389. serviceFlag . . . . . . . . . . . . . . . . . . . . . . 140 7.389. dependencies . . . . . . . . . . . . . . . . . . . . . . 140
7.390. dependencies . . . . . . . . . . . . . . . . . . . . . . 140 7.390. serviceeffectiverights . . . . . . . . . . . . . . . . . 140
7.391. serviceeffectiverights . . . . . . . . . . . . . . . . . 140 7.391. trusteeSid . . . . . . . . . . . . . . . . . . . . . . . 141
7.392. trusteeSid . . . . . . . . . . . . . . . . . . . . . . . 141 7.392. serviceQueryConf . . . . . . . . . . . . . . . . . . . . 141
7.393. serviceQueryConf . . . . . . . . . . . . . . . . . . . . 141 7.393. serviceChangeConf . . . . . . . . . . . . . . . . . . . 141
7.394. serviceChangeConf . . . . . . . . . . . . . . . . . . . 141 7.394. serviceQueryStat . . . . . . . . . . . . . . . . . . . . 141
7.395. serviceQueryStat . . . . . . . . . . . . . . . . . . . . 141 7.395. serviceEnumDependents . . . . . . . . . . . . . . . . . 141
7.396. serviceEnumDependents . . . . . . . . . . . . . . . . . 141 7.396. serviceStart . . . . . . . . . . . . . . . . . . . . . . 142
7.397. serviceStart . . . . . . . . . . . . . . . . . . . . . . 142 7.397. serviceStop . . . . . . . . . . . . . . . . . . . . . . 142
7.398. serviceStop . . . . . . . . . . . . . . . . . . . . . . 142 7.398. servicePause . . . . . . . . . . . . . . . . . . . . . . 142
7.399. servicePause . . . . . . . . . . . . . . . . . . . . . . 142 7.399. serviceInterrogate . . . . . . . . . . . . . . . . . . . 142
7.400. serviceInterrogate . . . . . . . . . . . . . . . . . . . 142 7.400. serviceUserDefined . . . . . . . . . . . . . . . . . . . 142
7.401. serviceUserDefined . . . . . . . . . . . . . . . . . . . 142 7.401. sharedresourceauditedpermissions . . . . . . . . . . . . 143
7.402. sharedresourceauditedpermissions . . . . . . . . . . . . 143 7.402. netname . . . . . . . . . . . . . . . . . . . . . . . . 143
7.403. netname . . . . . . . . . . . . . . . . . . . . . . . . 143 7.403. sharedresourceeffectiverights . . . . . . . . . . . . . 143
7.404. sharedresourceeffectiverights . . . . . . . . . . . . . 143 7.404. user . . . . . . . . . . . . . . . . . . . . . . . . . . 144
7.405. user . . . . . . . . . . . . . . . . . . . . . . . . . . 144 7.405. enabled . . . . . . . . . . . . . . . . . . . . . . . . 144
7.406. enabled . . . . . . . . . . . . . . . . . . . . . . . . 144 7.406. lastLogon . . . . . . . . . . . . . . . . . . . . . . . 144
7.407. lastLogon . . . . . . . . . . . . . . . . . . . . . . . 144 7.407. groupSid . . . . . . . . . . . . . . . . . . . . . . . . 144
7.408. groupSid . . . . . . . . . . . . . . . . . . . . . . . . 144
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 144 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 144
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 145 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 145
10. Security Considerations . . . . . . . . . . . . . . . . . . . 145 10. Security Considerations . . . . . . . . . . . . . . . . . . . 145
11. Operational Considerations . . . . . . . . . . . . . . . . . 146 11. Operational Considerations . . . . . . . . . . . . . . . . . 146
11.1. Endpoint Designation . . . . . . . . . . . . . . . . . . 146 11.1. Endpoint Designation . . . . . . . . . . . . . . . . . . 146
11.2. Timestamp Accuracy . . . . . . . . . . . . . . . . . . . 147 11.2. Timestamp Accuracy . . . . . . . . . . . . . . . . . . . 147
12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 148 12. Privacy Considerations . . . . . . . . . . . . . . . . . . . 148
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 148 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 148
13.1. Normative References . . . . . . . . . . . . . . . . . . 148 13.1. Normative References . . . . . . . . . . . . . . . . . . 148
13.2. Informative References . . . . . . . . . . . . . . . . . 149 13.2. Informative References . . . . . . . . . . . . . . . . . 149
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 149 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 149
A.1. Changes in Revision 01 . . . . . . . . . . . . . . . . . 150 A.1. Changes in Revision 01 . . . . . . . . . . . . . . . . . 150
A.2. Changes in Revision 02 . . . . . . . . . . . . . . . . . 151 A.2. Changes in Revision 02 . . . . . . . . . . . . . . . . . 151
A.3. Changes in Revision 03 . . . . . . . . . . . . . . . . . 151 A.3. Changes in Revision 03 . . . . . . . . . . . . . . . . . 151
A.4. Changes in Revision 04 . . . . . . . . . . . . . . . . . 152 A.4. Changes in Revision 04 . . . . . . . . . . . . . . . . . 152
A.5. Changes in Revision 05 . . . . . . . . . . . . . . . . . 152 A.5. Changes in Revision 05 . . . . . . . . . . . . . . . . . 152
A.6. Changes in Revision 06 . . . . . . . . . . . . . . . . . 152 A.6. Changes in Revision 06 . . . . . . . . . . . . . . . . . 152
A.7. Changes in Revision 07 . . . . . . . . . . . . . . . . . 153 A.7. Changes in Revision 07 . . . . . . . . . . . . . . . . . 153
A.8. Changes in Revision 08 . . . . . . . . . . . . . . . . . 153 A.8. Changes in Revision 08 . . . . . . . . . . . . . . . . . 153
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 153 A.9. Changes in Revision 09 . . . . . . . . . . . . . . . . . 153
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 154
1. Introduction 1. Introduction
The SACM Information Model (IM) serves multiple purposes: The SACM Information Model (IM) serves multiple purposes:
o to ensure interoperability between SACM data models that are used o to ensure interoperability between SACM data models that are used
as transport encodings, as transport encodings,
o to provide a standardized set of Information Elements - the SACM o to provide a standardized set of Information Elements - the SACM
Vocabulary - to enable the exchange of content vital to automated Vocabulary - to enable the exchange of content vital to automated
skipping to change at page 18, line 27 skipping to change at page 18, line 27
Figure 3: Example set of IEs associated with a timestamp and a target Figure 3: Example set of IEs associated with a timestamp and a target
endpoint label. endpoint label.
4.3. SACM Statements 4.3. SACM Statements
One or more SACM Content Elements are bundled in a SACM Statement. One or more SACM Content Elements are bundled in a SACM Statement.
In contrast to SACM Content Element Metadata, SACM Statement Metadata In contrast to SACM Content Element Metadata, SACM Statement Metadata
focuses on the providing information about the SACM Component that focuses on the providing information about the SACM Component that
provided it rather than the target endpoint that the content is provided it rather than the target endpoint that the content is
about. The only content-specific metadata included in the SACM about. The only content-specific metadata included in the SACM
Statement is the content-type IE. Therefore, multiple SACM Content Statement is the statement-type IE. Therefore, multiple SACM Content
Elements that share the same SACM Statement Metadata and are of the Elements that share the same SACM Statement Metadata and are of the
same content-type can be included in a single SACM Statement. A SACM same statement-type can be included in a single SACM Statement. A
Statement functions similar to an envelope or a header and is the SACM Statement functions similar to an envelope or a header and is
subject information element that associates SACM Statement Metadata the subject information element that associates SACM Statement
with security automation information provided in its SACM Content Metadata with security automation information provided in its SACM
Element(s). Its purpose is to enable the tracking of the origin of Content Element(s). Its purpose is to enable the tracking of the
data inside a SACM domain and more importantly to enable the origin of data inside a SACM domain and more importantly to enable
mitigation of conflicting information that may originate from the mitigation of conflicting information that may originate from
different SACM Components. How a consuming SACM Component actually different SACM Components. How a consuming SACM Component actually
deals with conflicting information is out-of-scope of the SACM IM. deals with conflicting information is out-of-scope of the SACM IM.
Semantically, the term statement implies that the SACM content Semantically, the term statement implies that the SACM content
provided by a SACM Component might not be correct in every context, provided by a SACM Component might not be correct in every context,
but, rather is the result of a best-effort to produce correct but, rather is the result of a best-effort to produce correct
information. information.
sacm-statement = ( sacm-statement = (
statement-metadata = ( statement-metadata = (
publish-timestamp = 1461934031, publish-timestamp = 1461934031,
data-origin = 24e67957-3d31-4878-8892-da2b35e121c2, data-origin = 24e67957-3d31-4878-8892-da2b35e121c2,
content-type = observation statement-type = observation
), ),
content-element = ( content-element = (
content-metadata = ( content-metadata = (
collection-timestamp = 146193322, collection-timestamp = 146193322,
data-source = fb02e551-7101-4e68-8dec-1fde6bd10981 data-source = fb02e551-7101-4e68-8dec-1fde6bd10981
), ),
hostname = "arbutus" hostname = "arbutus"
) )
) )
Figure 4: Example of a simple SACM statement including a single Figure 4: Example of a simple SACM statement including a single
content-element. content-element.
sacm-statement = ( sacm-statement = (
statement-metadata = ( statement-metadata = (
publish-timestamp = 1461934031, publish-timestamp = 1461934031,
data-origin = 24e67957-3d31-4878-8892-da2b35e121c2 data-origin = 24e67957-3d31-4878-8892-da2b35e121c2
content-type = observation statement-type = observation
), ),
content-element = ( content-element = (
content-metadata = ( content-metadata = (
collection-timestamp = 146193322, collection-timestamp = 146193322,
data-source = fb02e551-7101-4e68-8dec-1fde6bd10981 data-source = fb02e551-7101-4e68-8dec-1fde6bd10981
), ),
coordinates = ( coordinates = (
latitude = N27.99619, latitude = N27.99619,
longitude = E86.92761 longitude = E86.92761
) )
) )
) )
sacm-statement = ( sacm-statement = (
statement-metadata = ( statement-metadata = (
publish-timestamp = 1461934744, publish-timestamp = 1461934744,
data-origin = e42885a1-0270-44e9-bb5c-865cf6bd4800, data-origin = e42885a1-0270-44e9-bb5c-865cf6bd4800,
content-type = observation statement-type = observation
), ),
content-element = ( content-element = (
content-metadata = ( content-metadata = (
collection-timestamp = 146193821, collection-timestamp = 146193821,
te-label = fb02e551-7101-4e68-8dec-1fde6bd10981 te-label = fb02e551-7101-4e68-8dec-1fde6bd10981
), ),
coordinates = ( coordinates = (
latitude = N16.67622, latitude = N16.67622,
longitude = E141.55321 longitude = E141.55321
) )
skipping to change at page 22, line 22 skipping to change at page 22, line 22
IE values. Every event can also be associated with a subject- IE values. Every event can also be associated with a subject-
specific event-timestamp and a lastseen-timestamp that might differ specific event-timestamp and a lastseen-timestamp that might differ
from the corresponding collection-timestamps. If these are omitted from the corresponding collection-timestamps. If these are omitted
the collection-timestamp that is included in the content-metadata the collection-timestamp that is included in the content-metadata
subject is used instead. subject is used instead.
sacm-statement = ( sacm-statement = (
statement-metadata = ( statement-metadata = (
publish-timestamp = 1461934031, publish-timestamp = 1461934031,
data-origin = 24e67957-3d31-4878-8892-da2b35e121c2, data-origin = 24e67957-3d31-4878-8892-da2b35e121c2,
content-type = event statement-type = event
), ),
event = ( event = (
event-attributes = ( event-attributes = (
event-name = "host-name change", event-name = "host-name change",
content-element = ( content-element = (
content-metadata = ( content-metadata = (
collection-timestamp = 146193322, collection-timestamp = 146193322,
data-source = data-source =
fb02e551-7101-4e68-8dec-1fde6bd10981, fb02e551-7101-4e68-8dec-1fde6bd10981,
event-component = past-state event-component = past-state
skipping to change at page 38, line 22 skipping to change at page 38, line 22
can be collected from a target endpoint. can be collected from a target endpoint.
7.27. collectionTaskType 7.27. collectionTaskType
elementId: TBD elementId: TBD
name: collectionTaskType name: collectionTaskType
dataType: string dataType: string
status: current status: current
description: A set of types that defines how collected description: A set of types that defines how collected
SACM content was acquired (e.g. network-observation, SACM content was acquired (e.g. network-observation,
remote-acquisition, self-reported). remote-acquisition, self-reported, derived, authority,
verified).
7.28. confidence 7.28. confidence
elementId: TBD elementId: TBD
name: confidence name: confidence
dataType: string dataType: string
status: current status: current
description: A representation of the subjective probability description: A representation of the subjective probability
that the assessed value is correct. If no confidence value that the assessed value is correct. If no confidence value
is given, it is assumed that the confidence is 1. Acceptable is given, it is assumed that the confidence is 1. Acceptable
skipping to change at page 43, line 30 skipping to change at page 43, line 30
7.52. locationName 7.52. locationName
elementId: TBD elementId: TBD
name: locationName name: locationName
dataType: string dataType: string
status: current status: current
description: A value that represents a named region of description: A value that represents a named region of
physical space. physical space.
7.53. macAddressValue 7.53. networkZoneLocation
elementId: TBD
name: networkZoneLocation
dataType: string
status: current
description: The zone location of an endpoint on the
network (e.g. internet, enterprise DMZ,
enterprise WAN, enclave DMZ, enclave).
7.54. layer2NetworkLocation
elementId: TBD
name: layer2NetworkLocation
dataType: string
status: current
description: The location of a layer-2 interface on
the network (e.g. link-layer neighborhood,
shared broadcast domain).
7.55. layer3NetworkLocation
elementId: TBD
name: layer3NetworkLocation
dataType: string
status: current
description: The location of a layer-3 interface on
the network (e.g. next-hop routing neighbor).
7.56. macAddressValue
elementId: TBD elementId: TBD
name: macAddressValue name: macAddressValue
dataType: string dataType: string
status: current status: current
description: A value that expresses an Ethernet address. description: A value that expresses an Ethernet address.
7.54. methodLabel 7.57. methodLabel
elementId: TBD elementId: TBD
name: methodLabel name: methodLabel
dataType: string dataType: string
status: current status: current
description: A label that references a specific method description: A label that references a specific method
registered and used in a SACM domain (e.g. method to registered and used in a SACM domain (e.g. method to
match and re-identify target endpoints via identifying match and re-identify target endpoints via identifying
attributes). attributes).
7.55. methodRepository 7.58. methodRepository
elementId: TBD elementId: TBD
name: methodRepository name: methodRepository
dataType: string dataType: string
status: current status: current
description: A label that references a SACM component description: A label that references a SACM component
methods can be registered at and that can provide methods can be registered at and that can provide
guidance in the form of registered methods to other guidance in the form of registered methods to other
SACM components. SACM components.
7.56. networkAccessLevelType 7.59. networkAccessLevelType
elementId: TBD elementId: TBD
name: networkAccessLevelType name: networkAccessLevelType
dataType: string dataType: string
status: current status: current
description: A set of types that expresses categories description: A set of types that expresses categories
of network access-levels (e.g. block, quarantine, etc.). of network access-levels (e.g. block, quarantine, etc.).
7.57. networkId 7.60. networkId
elementId: TBD elementId: TBD
name: networkId name: networkId
dataType: string dataType: string
status: current status: current
description: Most networks such as AS, OSBF domains, description: Most networks such as AS, OSBF domains,
or VLANs can have an ID. or VLANs can have an ID.
7.58. networkInterfaceName 7.61. networkInterfaceName
elementId: TBD elementId: TBD
name: networkInterfaceName name: networkInterfaceName
dataType: string dataType: string
status: current status: current
description: A label that uniquely identifies an interface description: A label that uniquely identifies an interface
associated with a distinguishable endpoint. associated with a distinguishable endpoint.
7.59. networkLayer 7.62. networkLayer
elementId: TBD elementId: TBD
name: networkLayer name: networkLayer
dataType: string dataType: string
status: current status: current
description: A set of layers that expresses the specific description: A set of layers that expresses the specific
network layer an interface operates on. network layer an interface operates on.
7.60. networkName 7.63. networkName
elementId: TBD elementId: TBD
name: networkName name: networkName
dataType: string dataType: string
status: current status: current
description: A label that is associated with a network. description: A label that is associated with a network.
Some networks, for example, effective Some networks, for example, effective
layer2-broadcast-domains are difficult to "grasp" and layer2-broadcast-domains are difficult to "grasp" and
therefore quite difficult to name. therefore quite difficult to name.
7.61. organizationId 7.64. organizationId
elementId: TBD elementId: TBD
name: organizationId name: organizationId
dataType: string dataType: string
status: current status: current
description: A label that uniquely identifies an description: A label that uniquely identifies an
organization via a PEN. organization via a PEN.
7.62. osComponent 7.65. patchId
elementId: TBD
name: osComponent
dataType: string
status: current
description: A label that references a "sub-component"
that is part of the operating system (e.g. a kernel
module, microcode, or ACPI table).
7.63. osLabel
elementId: TBD
name: osLabel
dataType: string
status: current
description: A label that references a specific version
of an operating system, including patches and hotfixes.
7.64. osName
elementId: TBD
name: osName
dataType: string
status: current
description: The name of an operating system.
7.65. osType
elementId: TBD
name: osType
dataType: string
status: current
description: A set of types that identifies the type
of an operating system (e.g. real-time,
security-enhanced, consumer, server).
7.66. osVersion
elementId: TBD
name: osVersion
dataType: string
status: current
description: A value that represents the version of
an operating-system.
7.67. patchId
elementId: TBD elementId: TBD
name: patchId name: patchId
dataType: string dataType: string
status: current status: current
description: A label the uniquely identifies a specific description: A label the uniquely identifies a specific
software patch. software patch.
7.68. patchName 7.66. patchName
elementId: TBD elementId: TBD
name: patchName name: patchName
dataType: string dataType: string
status: current status: current
description: The vendor's name of a software patch. description: The vendor's name of a software patch.
7.69. personFirstName 7.67. personFirstName
elementId: TBD elementId: TBD
name: personFirstName name: personFirstName
dataType: string dataType: string
status: current status: current
description: The first name of a natural person. description: The first name of a natural person.
7.70. personLastName 7.68. personLastName
elementId: TBD elementId: TBD
name: personLastName name: personLastName
dataType: string dataType: string
status: current status: current
description: The last name of a natural person. description: The last name of a natural person.
7.71. personMiddleName 7.69. personMiddleName
elementId: TBD elementId: TBD
name: personMiddleName name: personMiddleName
dataType: string dataType: string
status: current status: current
description: The middle name of a natural person. description: The middle name of a natural person.
7.72. phoneNumber 7.70. phoneNumber
elementId: TBD elementId: TBD
name: phoneNumber name: phoneNumber
dataType: string dataType: string
status: current status: current
description: A label that expresses the U.S. national description: A label that expresses the U.S. national
phone number (e.g. pattern value="((\d{3}) )?\d{3}-\d{4}"). phone number (e.g. pattern value="((\d{3}) )?\d{3}-\d{4}").
7.73. phoneNumberType 7.71. phoneNumberType
elementId: TBD elementId: TBD
name: phoneNumberType name: phoneNumberType
dataType: string dataType: string
status: current status: current
description: A set of types that express the type of description: A set of types that express the type of
a phone number (e.g. DSN, Fax, Home, Mobile, Pager, a phone number (e.g. DSN, Fax, Home, Mobile, Pager,
Secure, Unsecure, Work, Other). Secure, Unsecure, Work, Other).
7.74. privilegeName 7.72. privilegeName
elementId: TBD elementId: TBD
name: privilegeName name: privilegeName
dataType: string dataType: string
status: current status: current
description: The attribute name of the privilege description: The attribute name of the privilege
represented as an AVP. represented as an AVP.
7.75. privilegeValue 7.73. privilegeValue
elementId: TBD elementId: TBD
name: privilegeValue name: privilegeValue
dataType: string dataType: string
status: current status: current
description: The value content of the privilege description: The value content of the privilege
represented as an AVP. represented as an AVP.
7.76. protocol 7.74. protocol
elementId: TBD elementId: TBD
name: protocol name: protocol
dataType: string dataType: string
status: current status: current
description: A set of types that defines specific description: A set of types that defines specific
protocols above layer 4 (e.g. http, https, dns, ipp, protocols above layer 4 (e.g. http, https, dns, ipp,
or unknown). or unknown).
7.77. publicKey 7.75. publicKey
elementId: TBD elementId: TBD
name: publicKey name: publicKey
dataType: string dataType: string
status: current status: current
description: The value of a public key (regardless of its description: The value of a public key (regardless of its
method of creation, crypto-system, or signature scheme) method of creation, crypto-system, or signature scheme)
that can be collected from a target endpoint. that can be collected from a target endpoint.
7.78. relationshipContentElementGuid 7.76. relationshipContentElementGuid
elementId: TBD elementId: TBD
name: relationshipContentElementGuid name: relationshipContentElementGuid
dataType: string dataType: string
status: current status: current
description: A reference to a specific content element description: A reference to a specific content element
used in a relationship subject. used in a relationship subject.
7.79. relationshipStatementElementGuid 7.77. relationshipStatementElementGuid
elementId: TBD elementId: TBD
name: relationshipStatementElementGuid name: relationshipStatementElementGuid
dataType: string dataType: string
status: current status: current
description: A reference to a specific SACM statement description: A reference to a specific SACM statement
used in a relationship subject. used in a relationship subject.
7.80. relationshipObjectLabel 7.78. relationshipObjectLabel
elementId: TBD elementId: TBD
name: relationshipObjectLabel name: relationshipObjectLabel
dataType: string dataType: string
status: current status: current
description: A reference to a specific label used in description: A reference to a specific label used in
content (e.g. a te-label or a user-id). This content (e.g. a te-label or a user-id). This
reference is typically used if matching content reference is typically used if matching content
attribute can be done efficiantly and can also be attribute can be done efficiantly and can also be
included in addition to a relationship-content-element-guid included in addition to a relationship-content-element-guid
reference. reference.
7.81. relationshipType 7.79. relationshipType
elementId: TBD elementId: TBD
name: relationshipType name: relationshipType
dataType: string dataType: string
status: current status: current
description: A set of types that is in every instance description: A set of types that is in every instance
of a relationship subject to highlight what kind of of a relationship subject to highlight what kind of
relationship exists between the subject the relationship relationship exists between the subject the relationship
is included in (e.g. associated_with_user, is included in (e.g. associated_with_user,
applies_to_session, seen_on_interface, associated_with_flow, applies_to_session, seen_on_interface, associated_with_flow,
contains_virtual_device). contains_virtual_device).
7.82. roleName 7.80. roleName
elementId: TBD elementId: TBD
name: roleName name: roleName
dataType: string dataType: string
status: current status: current
description: A label that references a collection of description: A label that references a collection of
privileges assigned to a specific entity (identity? privileges assigned to a specific entity (identity?
FIXME). FIXME).
7.83. sessionStateType 7.81. sessionStateType
elementId: TBD elementId: TBD
name: sessionStateType name: sessionStateType
dataType: string dataType: string
status: current status: current
description: A set of types a discernible session (an description: A set of types a discernible session (an
ongoing network interaction) can be in (e.g. ongoing network interaction) can be in (e.g.
Authenticating, Authenticated, Postured, Started, Authenticating, Authenticated, Postured, Started,
Disconnected). Disconnected).
7.84. statementGuid 7.82. statementGuid
elementId: TBD elementId: TBD
name: statementGuid name: statementGuid
dataType: string dataType: string
status: current status: current
description: A label that expresses a global unique description: A label that expresses a global unique
ID referencing a specific SACM statement that was ID referencing a specific SACM statement that was
produced by a SACM component. produced by a SACM component.
7.85. statementType 7.83. statementType
elementId: TBD elementId: TBD
name: statementType name: statementType
dataType: string dataType: string
status: current status: current
description: A set of types that define the type of description: A set of types that define the type of
content that is included in a SACM statement (e.g. content that is included in a SACM statement (e.g.
Observation, DirectoryContent, Correlation, Assessment, Observation, DirectoryContent, Correlation, Assessment,
Guidance). Guidance, Event).
7.86. status 7.84. status
elementId: TBD elementId: TBD
name: status name: status
dataType: string dataType: string
status: current status: current
description: A set of types that defines possible description: A set of types that defines possible
result values for a finding in general (e.g. true, result values for a finding in general (e.g. true,
false, error, unknown, not applicable, not evaluated). false, error, unknown, not applicable, not evaluated).
7.87. subAdministrativeDomain 7.85. subAdministrativeDomain
elementId: TBD elementId: TBD
name: subAdministrativeDomain name: subAdministrativeDomain
dataType: string dataType: string
status: current status: current
description: A label for related child domains an description: A label for related child domains an
administrative domain can be composed of (used in the administrative domain can be composed of (used in the
subject administrative-domain) subject administrative-domain)
7.88. subInterfaceLabel 7.86. subInterfaceLabel
elementId: TBD elementId: TBD
name: subInterfaceLabel name: subInterfaceLabel
dataType: string dataType: string
status: current status: current
description: A unique label a sub network interface description: A unique label a sub network interface
(e.g. a tagged vlan on a trunk) can be referenced (e.g. a tagged vlan on a trunk) can be referenced
with. with.
7.89. superAdministrativeDomain 7.87. superAdministrativeDomain
elementId: TBD elementId: TBD
name: superAdministrativeDomain name: superAdministrativeDomain
dataType: string dataType: string
status: current status: current
description: a label for related parent domains an description: a label for related parent domains an
administrative domain is part of (used administrative domain is part of (used
in the subject s.administrative-domain). in the subject s.administrative-domain).
7.90. superInterfaceLabel 7.88. superInterfaceLabel
elementId: TBD elementId: TBD
name: superInterfaceLabel name: superInterfaceLabel
dataType: string dataType: string
status: current status: current
description: a unique label a super network interface description: a unique label a super network interface
(e.g. a physical interface a tunnel (e.g. a physical interface a tunnel
interface terminates on) can be referenced interface terminates on) can be referenced
with. with.
7.91. teAssessmentState 7.89. teAssessmentState
elementId: TBD elementId: TBD
name: teAssessmentState name: teAssessmentState
dataType: string dataType: string
status: current status: current
description: a set of types that defines the state of description: a set of types that defines the state of
assessment of a target-endpoint (e.g. assessment of a target-endpoint (e.g.
in-discovery, discovered, in-classification, in-discovery, discovered, in-classification,
classified, in-assessment, assessed). classified, in-assessment, assessed).
7.92. teLabel 7.90. teLabel
elementId: TBD elementId: TBD
name: teLabel name: teLabel
dataType: string dataType: string
status: current status: current
description: an identifying label created from a set description: an identifying label created from a set
of identifying attributes used to reference of identifying attributes used to reference
a specific target endpoint. a specific target endpoint.
7.93. teId 7.91. teId
elementId: TBD elementId: TBD
name: teId name: teId
dataType: string dataType: string
status: current status: current
description: an identifying label that is created description: an identifying label that is created
randomly, is supposed to be unique, and randomly, is supposed to be unique, and
used to reference a specific target used to reference a specific target
endpoint. endpoint.
7.94. timestampType 7.92. timestampType
elementId: TBD elementId: TBD
name: timestampType name: timestampType
dataType: string dataType: string
status: current status: current
description: a set of types that express what type of description: a set of types that express what type of
action or event happened at that point action or event happened at that point
of time (e.g. discovered, classified, of time (e.g. discovered, classified,
collected, published). Can be included in collected, published). Can be included in
a generic s.timestamp subject. a generic s.timestamp subject.
7.95. unitsReceived 7.93. unitsReceived
elementId: TBD elementId: TBD
name: unitsReceived name: unitsReceived
dataType: string dataType: string
status: current status: current
description: a value that represents a number of units description: a value that represents a number of units
(e.g. frames, packets, cells or segments) (e.g. frames, packets, cells or segments)
received on a network interface. received on a network interface.
7.96. unitsSent 7.94. unitsSent
elementId: TBD elementId: TBD
name: unitsSent name: unitsSent
dataType: string dataType: string
status: current status: current
description: a value that represents a number of units description: a value that represents a number of units
(e.g. frames, packets, cells or segments) (e.g. frames, packets, cells or segments)
sent on a network interface. sent on a network interface.
7.97. userDirectory 7.95. userDirectory
elementId: TBD elementId: TBD
name: userDirectory name: userDirectory
dataType: string dataType: string
status: current status: current
description: a label that identifies a specific type description: a label that identifies a specific type
of user-directory (e.g. ldap, active-directory, of user-directory (e.g. ldap, active-directory,
local-user). local-user).
7.98. sacmUserId 7.96. sacmUserId
elementId: TBD elementId: TBD
name: sacmUserId name: sacmUserId
dataType: string dataType: string
status: current status: current
description: a label that references a specific user description: a label that references a specific user
known in a SACM domain. known in a SACM domain.
7.99. webSite 7.97. webSite
elementId: TBD elementId: TBD
name: webSite name: webSite
dataType: string dataType: string
status: current status: current
description: a URI that references a web-site. description: a URI that references a web-site.
7.100. WGS84Longitude 7.98. WGS84Longitude
elementId: TBD elementId: TBD
name: WGS84Longitude name: WGS84Longitude
dataType: float64 dataType: float64
status: current status: current
description: a label that represents WGS 84 rev 2004 description: a label that represents WGS 84 rev 2004
longitude. longitude.
7.101. WGS84Latitude 7.99. WGS84Latitude
elementId: TBD elementId: TBD
name: WGS84Latitude name: WGS84Latitude
dataType: float64 dataType: float64
status: current status: current
description: a label that represents WGS 84 rev 2004 description: a label that represents WGS 84 rev 2004
latitude. latitude.
7.102. WGS84Altitude 7.100. WGS84Altitude
elementId: TBD elementId: TBD
name: WGS84Altitude name: WGS84Altitude
dataType: float64 dataType: float64
status: current status: current
description: a label that represents WGS 84 rev 2004 description: a label that represents WGS 84 rev 2004
altitude. altitude.
7.103. hardwareSerialNumber 7.101. hardwareSerialNumber
elementId: TBD elementId: TBD
name: hardwareSerialNumber name: hardwareSerialNumber
dataType: string dataType: string
status: current status: current
description: A globally unique identifier for a particular description: A globally unique identifier for a particular
piece of hardware assigned by the vendor. piece of hardware assigned by the vendor.
7.104. interfaceName 7.102. interfaceName
elementId: TBD elementId: TBD
name: interfaceName name: interfaceName
dataType: string dataType: string
status: current status: current
description: A short name uniquely describing an interface, description: A short name uniquely describing an interface,
eg "Eth1/0". See [RFC2863] for the definition eg "Eth1/0". See [RFC2863] for the definition
of the ifName object. of the ifName object.
7.105. interfaceIndex 7.103. interfaceIndex
elementId: TBD elementId: TBD
name: interfaceIndex name: interfaceIndex
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The index of an interface installed on an endpoint. description: The index of an interface installed on an endpoint.
The value matches the value of managed object The value matches the value of managed object
'ifIndex' as defined in [RFC2863]. Note that ifIndex 'ifIndex' as defined in [RFC2863]. Note that ifIndex
values are not assigned statically to an interface values are not assigned statically to an interface
and that the interfaces may be renumbered every time and that the interfaces may be renumbered every time
the device's management system is re-initialized, the device's management system is re-initialized,
as specified in [RFC2863]. as specified in [RFC2863].
7.106. interfaceMacAddress 7.104. interfaceMacAddress
elementId: TBD elementId: TBD
name: interfaceMacAddress name: interfaceMacAddress
dataType: macAddress dataType: macAddress
status: current status: current
description: The IEEE 802 MAC address associated with a network description: The IEEE 802 MAC address associated with a network
interface on an endpoint. interface on an endpoint.
7.107. interfaceType 7.105. interfaceType
elementId: TBD elementId: TBD
name: interfaceType name: interfaceType
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The type of a network interface. The value matches description: The type of a network interface. The value matches
the value of managed object 'ifType' as defined in the value of managed object 'ifType' as defined in
[IANA registry ianaiftype-mib]. [IANA registry ianaiftype-mib].
7.108. interfaceFlags 7.106. interfaceFlags
elementId: TBD elementId: TBD
name: interfaceFlags name: interfaceFlags
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: This information element specifies the flags description: This information element specifies the flags
associated with a network interface. Possible associated with a network interface. Possible
values include: values include:
structure: Up ; 0x1 ; Interface is up. structure: Up ; 0x1 ; Interface is up.
Broadcast ; 0x2 ; Broadcast address valid. Broadcast ; 0x2 ; Broadcast address valid.
Debug ; 0x4 ; Turn on debugging. Debug ; 0x4 ; Turn on debugging.
Loopback ; 0x8 ; Is a loopback net. Loopback ; 0x8 ; Is a loopback net.
Point-to-point ; 0x10 ; Interface is point-to-point link. Point-to-point ; 0x10 ; Interface is point-to-point link.
No trailers ; 0x20 ; Avoid use of trailers. No trailers ; 0x20 ; Avoid use of trailers.
Resources allocated ; 0x40 ; Resources allocated. Resources allocated ; 0x40 ; Resources allocated.
No ARP ; 0x80 ; No address resolution protocol. No ARP ; 0x80 ; No address resolution protocol.
Receive all ; 0x100 ; Receive all packets. Receive all ; 0x100 ; Receive all packets.
7.109. networkInterface 7.107. networkInterface
elementId: TBD elementId: TBD
name: networkInterface name: networkInterface
dataType: orderedList dataType: orderedList
status: current status: current
description: Information about a network interface description: Information about a network interface
installed on an endpoint. The installed on an endpoint. The
following high-level digram following high-level digram
describes the structure of describes the structure of
networkInterface information networkInterface information
element. element.
structure: orderedList(interfaceName, interfaceIndex, macAddress, structure: orderedList(interfaceName, interfaceIndex, macAddress,
interfaceType, flags) interfaceType, flags)
7.110. softwareIdentifier 7.108. softwareIdentifier
elementId: TBD elementId: TBD
name: softwareIdentifier name: softwareIdentifier
dataType: string dataType: string
status: current status: current
description: A globally unique identifier for a particular description: A globally unique identifier for a particular
software application. software application.
7.111. softwareTitle 7.109. softwareTitle
elementId: TBD elementId: TBD
name: softwareTitle name: softwareTitle
dataType: string dataType: string
status: current status: current
description: The title of the software application. description: The title of the software application.
7.112. softwareCreator 7.110. softwareCreator
elementId: TBD elementId: TBD
name: softwareCreator name: softwareCreator
dataType: string dataType: string
status: current status: current
description: The software developer (e.g., vendor or author). description: The software developer (e.g., vendor or author).
7.113. simpleSoftwareVersion 7.111. simpleSoftwareVersion
elementId: TBD elementId: TBD
name: simpleSoftwareVersion name: simpleSoftwareVersion
dataType: string dataType: string
status: current status: current
description: The version string for a software application that description: The version string for a software application that
conforms to the format of a list of hierarchical conforms to the format of a list of hierarchical
non-negative integers separated by a single character non-negative integers separated by a single character
delimiter format. delimiter format.
7.114. rpmSoftwareVersion 7.112. rpmSoftwareVersion
elementId: TBD elementId: TBD
name: rpmSoftwareVersion name: rpmSoftwareVersion
dataType: string dataType: string
status: current status: current
description: The version string for a software application that description: The version string for a software application that
conforms to the EPOCH:VERSION-RELEASE format. conforms to the EPOCH:VERSION-RELEASE format.
7.115. ciscoTrainSoftwareVersion 7.113. ciscoTrainSoftwareVersion
elementId: TBD elementId: TBD
name: ciscoTrainSoftwareVersion name: ciscoTrainSoftwareVersion
dataType: string dataType: string
status: current status: current
description: The version string for a software application that description: The version string for a software application that
conforms to the Cisco IOS Train string format. conforms to the Cisco IOS Train string format.
7.116. softwareVersion 7.114. softwareVersion
elementId: TBD elementId: TBD
name: softwareVerison name: softwareVerison
dataType: category dataType: category
status: current status: current
description: The version of the software application. Software description: The version of the software application. Software
applications may be versioned using a number of applications may be versioned using a number of
schemas. The following high-level digram describes schemas. The following high-level digram describes
the structure of the softwareVersion information the structure of the softwareVersion information
element. element.
structure: category(simpleSoftwareVersion | rpmSoftwareVersion | structure: category(simpleSoftwareVersion | rpmSoftwareVersion |
ciscoTrainSoftwareVersion) ciscoTrainSoftwareVersion)
7.117. softwareLastUpdated 7.115. softwareLastUpdated
elementId: TBD elementId: TBD
name: softwareLastUpdated name: softwareLastUpdated
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date and time when the software instance description: The date and time when the software instance
was last updated on the system (e.g., new was last updated on the system (e.g., new
version instlalled or patch applied) version instlalled or patch applied)
7.118. softwareInstance 7.116. softwareClass
elementId: TBD elementId: TBD
name: softwareInstance name: softwareClass
dataType: orderedList dataType: enumeration
status: current status: current
description: Information about an instance of software description: The class of the software instance.
installed on an endpoint. The following structure:
high-level digram describes the structure of Unknown ; 0x1 ; The class is not known.
softwareInstance information element. Other ; 0x2 ; The class is known, but, something
structure: orderedList(softwareIdentifier, softwareTitle, other than a value listed in the
softwareCreator, softwareVersion, enumeration.
softwareLastUpdated) Driver ; 0x3 ; The class is a device driver.
Configuration Software ; 0x4 ; The class is configuration software.
Application Software ; 0x5 ; The class is application software.
Instrumentation ; 0x6 ; The class is instrumentation.
Diagnostic Software ; 0x8 ; The class is diagnostic software.
Operating System ; 0x9 ; The class is operating system.
Middleware ; 0xA ; The class is middleware.
Firmware ; 0xB ; The class is firmware.
BIOS/FCode ; 0xC ; The class is BIOS or FCode.
Support/Service Pack ; 0xD ; The class is a support or service pack.
Software Bundle ; 0xE ; The class is a software bundle.
References: See Classifications of the DMTF CIM_SoftwareIdentity
schema.
7.119. globallyUniqueIdentifier 7.117. softwareInstance
elementId: TBD
name: softwareInstance
dataType: orderedList
status: current
description: Information about an instance of software
installed on an endpoint. The following
high-level digram describes the structure of
softwareInstance information element.
structure: orderedList(softwareIdentifier, softwareTitle,
softwareCreator, softwareVersion,
softwareLastUpdated, softwareClass)
7.118. globallyUniqueIdentifier
elementId: TBD elementId: TBD
name: globallyUniqueIdentifier name: globallyUniqueIdentifier
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: TODO. description: TODO.
7.120. creationTimestamp 7.119. creationTimestamp
elementId: TBD elementId: TBD
name: creationTimestamp name: creationTimestamp
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date and time when the posture description: The date and time when the posture
information was created by a SACM Component. information was created by a SACM Component.
7.121. collectionTimestamp 7.120. collectionTimestamp
elementId: TBD elementId: TBD
name: collectionTimestamp name: collectionTimestamp
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date and time when the posture description: The date and time when the posture
information was collected or observed by a SACM information was collected or observed by a SACM
Component. Component.
7.122. publicationTimestamp 7.121. publicationTimestamp
elementId: TBD elementId: TBD
name: publicationTimestamp name: publicationTimestamp
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date and time when the posture description: The date and time when the posture
information was published. information was published.
7.123. relayTimestamp 7.122. relayTimestamp
elementId: TBD elementId: TBD
name: relayTimestamp name: relayTimestamp
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date and time when the posture description: The date and time when the posture
information was relayed to another SACM Component. information was relayed to another SACM Component.
7.124. storageTimestamp 7.123. storageTimestamp
elementId: TBD elementId: TBD
name: storageTimestamp name: storageTimestamp
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date and time when the posture description: The date and time when the posture
information was stored in a Repository. information was stored in a Repository.
7.125. type 7.124. type
elementId: TBD elementId: TBD
name: type name: type
dataType: enumeration dataType: enumeration
status: current status: current
description: The type of data model use to represent description: The type of data model use to represent
some set of endpoint information. The following some set of endpoint information. The following
table lists the set of data models supported by SACM. table lists the set of data models supported by SACM.
structure: TBD structure: TBD
7.126. protocolIdentifier 7.125. protocolIdentifier
elementId: TBD elementId: TBD
name: protocolIdentifier name: protocolIdentifier
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: The value of the protocol number in the IP packet description: The value of the protocol number in the IP packet
header. The protocol number identifies the IP packet header. The protocol number identifies the IP packet
payload type. Protocol numbers are defined in the payload type. Protocol numbers are defined in the
IANA Protocol Numbers registry. IANA Protocol Numbers registry.
In Internet Protocol version 4 (IPv4), this is In Internet Protocol version 4 (IPv4), this is
carried in the Protocol field. In Internet Protocol carried in the Protocol field. In Internet Protocol
version 6 (IPv6), this is carried in the Next Header version 6 (IPv6), this is carried in the Next Header
field in the last extension header of the packet. field in the last extension header of the packet.
7.127. sourceTransportPort 7.126. sourceTransportPort
elementId: TBD elementId: TBD
name: sourceTransportPort name: sourceTransportPort
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: The source port identifier in the transport header. description: The source port identifier in the transport header.
For the transport protocols UDP, TCP, and SCTP, this For the transport protocols UDP, TCP, and SCTP, this
is the source port number given in the respective is the source port number given in the respective
header. This field MAY also be used for future header. This field MAY also be used for future
transport protocols that have 16-bit source port transport protocols that have 16-bit source port
identifiers. identifiers.
7.128. sourceIPv4PrefixLength 7.127. sourceIPv4PrefixLength
elementId: TBD elementId: TBD
name: sourceIPv4PrefixLength name: sourceIPv4PrefixLength
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: The number of contiguous bits that are relevant in description: The number of contiguous bits that are relevant in
the sourceIPv4Prefix Information Element. the sourceIPv4Prefix Information Element.
7.129. ingressInterface 7.128. ingressInterface
elementId: TBD elementId: TBD
name: ingressInterface name: ingressInterface
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The index of the IP interface where packets of this description: The index of the IP interface where packets of this
Flow are being received. The value matches the Flow are being received. The value matches the
value of managed object 'ifIndex' as defined in value of managed object 'ifIndex' as defined in
[RFC2863]. Note that ifIndex values are not assigned [RFC2863]. Note that ifIndex values are not assigned
statically to an interface and that the interfaces statically to an interface and that the interfaces
may be renumbered every time the device's management may be renumbered every time the device's management
system is re-initialized, as specified in [RFC2863]. system is re-initialized, as specified in [RFC2863].
7.130. destinationTransportPort 7.129. destinationTransportPort
elementId: TBD elementId: TBD
name: destinationTransportPort name: destinationTransportPort
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: The destination port identifier in the transport description: The destination port identifier in the transport
header. For the transport protocols UDP, TCP, and header. For the transport protocols UDP, TCP, and
SCTP, this is the destination port number given in SCTP, this is the destination port number given in
the respective header. This field MAY also be used the respective header. This field MAY also be used
for future transport protocols that have 16-bit for future transport protocols that have 16-bit
destination port identifiers. destination port identifiers.
7.131. sourceIPv6PrefixLength 7.130. sourceIPv6PrefixLength
elementId: TBD elementId: TBD
name: sourceIPv6PrefixLength name: sourceIPv6PrefixLength
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: The number of contiguous bits that are relevant in description: The number of contiguous bits that are relevant in
the sourceIPv6Prefix Information Element. the sourceIPv6Prefix Information Element.
7.132. sourceIPv4Prefix 7.131. sourceIPv4Prefix
elementId: TBD elementId: TBD
name: sourceIPv4Prefix name: sourceIPv4Prefix
dataType: ipv4Address dataType: ipv4Address
status: current status: current
description: IPv4 source address prefix. description: IPv4 source address prefix.
7.133. destinationIPv4Prefix 7.132. destinationIPv4Prefix
elementId: TBD elementId: TBD
name: destinationIPv4Prefix name: destinationIPv4Prefix
dataType: ipv4Address dataType: ipv4Address
status: current status: current
description: IPv4 destination address prefix. description: IPv4 destination address prefix.
7.134. sourceMacAddress 7.133. sourceMacAddress
elementId: TBD elementId: TBD
name: sourceMacAddress name: sourceMacAddress
dataType: macAddress dataType: macAddress
status: current status: current
description: The IEEE 802 source MAC address field. description: The IEEE 802 source MAC address field.
7.135. ipVersion 7.134. ipVersion
elementId: TBD elementId: TBD
name: ipVersion name: ipVersion
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: The IP version field in the IP packet header. description: The IP version field in the IP packet header.
7.136. interfaceDescription 7.135. interfaceDescription
elementId: TBD elementId: TBD
name: interfaceDescription name: interfaceDescription
dataType: string dataType: string
status: current status: current
description: The description of an interface, eg "FastEthernet description: The description of an interface, eg "FastEthernet
1/0" or "ISP 1/0" or "ISP
connection". connection".
7.137. applicationDescription 7.136. applicationDescription
elementId: TBD elementId: TBD
name: applicationDescription name: applicationDescription
dataType: string dataType: string
status: current status: current
description: Specifies the description of an application. description: Specifies the description of an application.
7.138. applicationId 7.137. applicationId
elementId: TBD elementId: TBD
name: applicationId name: applicationId
dataType: octetArray dataType: octetArray
status: current status: current
description: Specifies an Application ID per [RFC6759]. description: Specifies an Application ID per [RFC6759].
7.139. applicationName 7.138. applicationName
elementId: TBD elementId: TBD
name: applicationName name: applicationName
dataType: string dataType: string
status: current status: current
description: Specifies the name of an application. description: Specifies the name of an application.
7.140. exporterIPv4Address 7.139. exporterIPv4Address
elementId: TBD elementId: TBD
name: exporterIPv4Address name: exporterIPv4Address
dataType: ipv4Address dataType: ipv4Address
status: current status: current
description: The IPv4 address used by the Exporting Process. description: The IPv4 address used by the Exporting Process.
This is used by the Collector to identify the This is used by the Collector to identify the
Exporter in cases where the identity of the Exporter Exporter in cases where the identity of the Exporter
may have been obscured by the use of a proxy. may have been obscured by the use of a proxy.
7.141. exporterIPv6Address 7.140. exporterIPv6Address
elementId: TBD elementId: TBD
name: exporterIPv6Address name: exporterIPv6Address
dataType: ipv6Address dataType: ipv6Address
status: current status: current
description: The IPv6 address used by the Exporting Process. description: The IPv6 address used by the Exporting Process.
This is used by the Collector to identify the This is used by the Collector to identify the
Exporter in cases where the identity of the Exporter in cases where the identity of the
Exporter may have been obscured by the use of a Exporter may have been obscured by the use of a
proxy. proxy.
7.142. portId 7.141. portId
elementId: TBD elementId: TBD
name: portId name: portId
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: An identifier of a line port that is unique per description: An identifier of a line port that is unique per
IPFIX Device hosting an Observation Point. IPFIX Device hosting an Observation Point.
Typically, this Information Element is used for Typically, this Information Element is used for
limiting the scope of other Information Elements. limiting the scope of other Information Elements.
7.143. templateId 7.142. templateId
elementId: TBD elementId: TBD
name: templateId name: templateId
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: An identifier of a Template that is locally unique description: An identifier of a Template that is locally unique
within a combination of a Transport session and an within a combination of a Transport session and an
Observation Domain. Observation Domain.
Template IDs 0-255 are reserved for Template Sets, Template IDs 0-255 are reserved for Template Sets,
Options Template Sets, and other reserved Sets yet Options Template Sets, and other reserved Sets yet
to be created. Template IDs of Data Sets are to be created. Template IDs of Data Sets are
numbered from 256 to 65535. numbered from 256 to 65535.
Typically, this Information Element is used for Typically, this Information Element is used for
limiting the scope of other Information Elements. limiting the scope of other Information Elements.
Note that after a re-start of the Exporting Process Note that after a re-start of the Exporting Process
Template identifiers may be re-assigned. Template identifiers may be re-assigned.
7.144. collectorIPv4Address 7.143. collectorIPv4Address
elementId: TBD elementId: TBD
name: collectorIPv4Address name: collectorIPv4Address
dataType: ipv4Address dataType: ipv4Address
status: current status: current
description: An IPv4 address to which the Exporting Process sends description: An IPv4 address to which the Exporting Process sends
Flow information. Flow information.
7.145. collectorIPv6Address 7.144. collectorIPv6Address
elementId: TBD elementId: TBD
name: collectorIPv6Address name: collectorIPv6Address
dataType: ipv6Address dataType: ipv6Address
status: current status: current
description: An IPv6 address to which the Exporting Process sends description: An IPv6 address to which the Exporting Process sends
Flow information. Flow information.
7.146. informationElementIndex 7.145. informationElementIndex
elementId: TBD elementId: TBD
name: informationElementIndex name: informationElementIndex
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: A zero-based index of an Information Element description: A zero-based index of an Information Element
referenced by informationElementId within a Template referenced by informationElementId within a Template
referenced by templateId; used to disambiguate referenced by templateId; used to disambiguate
scope for templates containing multiple identical scope for templates containing multiple identical
Information Elements. Information Elements.
7.147. informationElementId 7.146. informationElementId
elementId: TBD elementId: TBD
name: informationElementId name: informationElementId
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: This Information Element contains the ID of another description: This Information Element contains the ID of another
Information Element. Information Element.
7.148. informationElementDataType 7.147. informationElementDataType
elementId: TBD elementId: TBD
name: informationElementDataType name: informationElementDataType
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: A description of the abstract data type of an IPFIX description: A description of the abstract data type of an IPFIX
information element.These are taken from the information element.These are taken from the
abstract data types defined in section 3.1 of the abstract data types defined in section 3.1 of the
IPFIX Information Model [RFC5102]; see that section IPFIX Information Model [RFC5102]; see that section
for more information on the types described in the for more information on the types described in the
informationElementDataType sub-registry. informationElementDataType sub-registry.
These types are registered in the IANA IPFIX These types are registered in the IANA IPFIX
Information Element Data Type subregistry. This Information Element Data Type subregistry. This
subregistry is intended to assign numbers for type subregistry is intended to assign numbers for type
names, not to provide a mechanism for adding data names, not to provide a mechanism for adding data
types to the IPFIX Protocol, and as such requires a types to the IPFIX Protocol, and as such requires a
Standards Action [RFC5226] to modify. Standards Action [RFC5226] to modify.
7.149. informationElementDescription 7.148. informationElementDescription
elementId: TBD elementId: TBD
name: informationElementDescription name: informationElementDescription
dataType: string dataType: string
status: current status: current
description: A UTF-8 [RFC3629] encoded Unicode string containing description: A UTF-8 [RFC3629] encoded Unicode string containing
a human-readable description of an Information a human-readable description of an Information
Element. The content of the Element. The content of the
informationElementDescription MAY be annotated with informationElementDescription MAY be annotated with
one or more language tags [RFC4646], encoded one or more language tags [RFC4646], encoded
in-line [RFC2482] within the UTF-8 string, in order in-line [RFC2482] within the UTF-8 string, in order
to specify the language in which the description is to specify the language in which the description is
written. Description text in multiple languages MAY written. Description text in multiple languages MAY
tag each section with its own language tag; in this tag each section with its own language tag; in this
case, the description information in each language case, the description information in each language
SHOULD have equivalent meaning. In the absence of SHOULD have equivalent meaning. In the absence of
any language tag, the "i-default" [RFC2277] language any language tag, the "i-default" [RFC2277] language
SHOULD be assumed. See the Security Considerations SHOULD be assumed. See the Security Considerations
section for notes on string handling for Information section for notes on string handling for Information
Element type records. Element type records.
7.150. informationElementName 7.149. informationElementName
elementId: TBD elementId: TBD
name: informationElementName name: informationElementName
dataType: string dataType: string
status: current status: current
description: A UTF-8 [RFC3629] encoded Unicode string containing description: A UTF-8 [RFC3629] encoded Unicode string containing
the name of an Information Element, intended as a the name of an Information Element, intended as a
simple identifier. See the Security Considerations simple identifier. See the Security Considerations
section for notes on string handling for Information section for notes on string handling for Information
Element type records. Element type records.
7.151. informationElementRangeBegin 7.150. informationElementRangeBegin
elementId: TBD elementId: TBD
name: informationElementRangeBegin name: informationElementRangeBegin
dataType: unsigned64 dataType: unsigned64
status: current status: current
description: Contains the inclusive low end of the range of description: Contains the inclusive low end of the range of
acceptable values for an Information Element. acceptable values for an Information Element.
7.152. informationElementRangeEnd 7.151. informationElementRangeEnd
elementId: TBD elementId: TBD
name: informationElementRangeEnd name: informationElementRangeEnd
dataType: unsigned64 dataType: unsigned64
status: current status: current
description: Contains the inclusive high end of the range of description: Contains the inclusive high end of the range of
acceptable values for an Information Element. acceptable values for an Information Element.
7.153. informationElementSemantics 7.152. informationElementSemantics
elementId: TBD elementId: TBD
name: informationElementSemantics name: informationElementSemantics
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: A description of the semantics of an IPFIX description: A description of the semantics of an IPFIX
Information Element. These are taken from the data Information Element. These are taken from the data
type semantics defined in section 3.2 of the IPFIX type semantics defined in section 3.2 of the IPFIX
Information Model [RFC5102]; see that section for Information Model [RFC5102]; see that section for
more information on the types defined in the more information on the types defined in the
skipping to change at page 67, line 36 skipping to change at page 67, line 36
manipulated by a Collecting Process or File Reader manipulated by a Collecting Process or File Reader
that does not understand it a priori. that does not understand it a priori.
These semantics are registered in the IANA IPFIX These semantics are registered in the IANA IPFIX
Information Element Semantics subregistry. This Information Element Semantics subregistry. This
subregistry is intended to assign numbers for subregistry is intended to assign numbers for
semantics names, not to provide a mechanism for semantics names, not to provide a mechanism for
adding semantics to the IPFIX Protocol, and as such adding semantics to the IPFIX Protocol, and as such
requires a Standards Action [RFC5226] to modify. requires a Standards Action [RFC5226] to modify.
7.154. informationElementUnits 7.153. informationElementUnits
elementId: TBD elementId: TBD
name: informationElementUnits name: informationElementUnits
dataType: unsigned16 dataType: unsigned16
status: current status: current
description: A description of the units of an IPFIX Information description: A description of the units of an IPFIX Information
Element. These correspond to the units implicitly Element. These correspond to the units implicitly
defined in the Information Element definitions in defined in the Information Element definitions in
section 5 of the IPFIX Information Model [RFC5102]; section 5 of the IPFIX Information Model [RFC5102];
see that section for more information on the types see that section for more information on the types
described in the informationElementsUnits described in the informationElementsUnits
sub-registry. This field may take the values in sub-registry. This field may take the values in
Table 3 below; the special value 0x00 (none) is Table 3 below; the special value 0x00 (none) is
used to note that the field is unitless. used to note that the field is unitless.
These types are registered in the IANA IPFIX These types are registered in the IANA IPFIX
Information Element Units subregistry; new types Information Element Units subregistry; new types
may be added on a First Come First Served [RFC5226] may be added on a First Come First Served [RFC5226]
basis. basis.
7.155. applicationCategoryName 7.154. applicationCategoryName
elementId: TBD elementId: TBD
name: applicationCategoryName name: applicationCategoryName
dataType: string dataType: string
status: current status: current
description: An attribute that provides a first level description: An attribute that provides a first level
categorization for each Application ID. categorization for each Application ID.
7.156. mibObjectValueInteger 7.155. mibObjectValueInteger
elementId: TBD elementId: TBD
name: mibObjectValueInteger name: mibObjectValueInteger
dataType: signed64 dataType: signed64
status: current status: current
description: An IPFIX Information Element which denotes that the description: An IPFIX Information Element which denotes that the
integer value of a MIB object will be exported. integer value of a MIB object will be exported.
The MIB Object Identifier ("mibObjectIdentifier") The MIB Object Identifier ("mibObjectIdentifier")
for this field MUST be exported in a MIB Field for this field MUST be exported in a MIB Field
Option or via another means. This Information Option or via another means. This Information
Element is used for MIB objects with the Base Element is used for MIB objects with the Base
Syntax of Integer32 and INTEGER with IPFIX Reduced Syntax of Integer32 and INTEGER with IPFIX Reduced
Size Encoding used as required. The value is Size Encoding used as required. The value is
encoded as per the standard IPFIX Abstract Data Type encoded as per the standard IPFIX Abstract Data Type
of signed64. of signed64.
7.157. mibObjectValueOctetString 7.156. mibObjectValueOctetString
elementId: TBD elementId: TBD
name: mibObjectValueOctetString name: mibObjectValueOctetString
dataType: octetArray dataType: octetArray
status: current status: current
description: An IPFIX Information Element which denotes that an description: An IPFIX Information Element which denotes that an
Octet String or Opaque value of a MIB object will Octet String or Opaque value of a MIB object will
be exported. The MIB Object Identifier be exported. The MIB Object Identifier
("mibObjectIdentifier") for this field MUST be ("mibObjectIdentifier") for this field MUST be
exported in a MIB Field Option or via another means. exported in a MIB Field Option or via another means.
This Information Element is used for MIB objects This Information Element is used for MIB objects
with the Base Syntax of OCTET STRING and Opaque. The with the Base Syntax of OCTET STRING and Opaque. The
value is encoded as per the standard IPFIX Abstract value is encoded as per the standard IPFIX Abstract
Data Type of octetArray. Data Type of octetArray.
7.158. mibObjectValueOID 7.157. mibObjectValueOID
elementId: TBD elementId: TBD
name: mibObjectValueOID name: mibObjectValueOID
dataType: octetArray dataType: octetArray
status: current status: current
description: An IPFIX Information Element which denotes that an description: An IPFIX Information Element which denotes that an
Object Identifier or OID value of a MIB object will Object Identifier or OID value of a MIB object will
be exported. The MIB Object Identifier be exported. The MIB Object Identifier
("mibObjectIdentifier") for this field MUST be ("mibObjectIdentifier") for this field MUST be
exported in a MIB Field Option or via another means. exported in a MIB Field Option or via another means.
This Information Element is used for MIB objects This Information Element is used for MIB objects
with the Base Syntax of OBJECT IDENTIFIER. Note - with the Base Syntax of OBJECT IDENTIFIER. Note -
In this case the "mibObjectIdentifier" will define In this case the "mibObjectIdentifier" will define
which MIB object is being exported while the value which MIB object is being exported while the value
contained in this Information Element will be an contained in this Information Element will be an
OID as a value. The mibObjectValueOID Information OID as a value. The mibObjectValueOID Information
Element is encoded as ASN.1/BER [BER] in an Element is encoded as ASN.1/BER [BER] in an
octetArray. octetArray.
7.159. mibObjectValueBits 7.158. mibObjectValueBits
elementId: TBD elementId: TBD
name: mibObjectValueBits name: mibObjectValueBits
dataType: octetArray dataType: octetArray
status: current status: current
description: An IPFIX Information Element which denotes that a description: An IPFIX Information Element which denotes that a
set of Enumerated flags or bits from a MIB object set of Enumerated flags or bits from a MIB object
will be exported. The MIB Object Identifier will be exported. The MIB Object Identifier
("mibObjectIdentifier") for this field MUST be ("mibObjectIdentifier") for this field MUST be
exported in a MIB Field Option or via another means. exported in a MIB Field Option or via another means.
This Information Element is used for MIB objects This Information Element is used for MIB objects
with the Base Syntax of BITS. The flags or bits are with the Base Syntax of BITS. The flags or bits are
encoded as per the standard IPFIX Abstract Data Type encoded as per the standard IPFIX Abstract Data Type
of octetArray, with sufficient length to accommodate of octetArray, with sufficient length to accommodate
the required number of bits. If the number of bits the required number of bits. If the number of bits
is not an integer multiple of octets then the most is not an integer multiple of octets then the most
significant bits at end of the octetArray MUST be significant bits at end of the octetArray MUST be
set to zero. set to zero.
7.160. mibObjectValueIPAddress 7.159. mibObjectValueIPAddress
elementId: TBD elementId: TBD
name: mibObjectValueIPAddress name: mibObjectValueIPAddress
dataType: ipv4Address dataType: ipv4Address
status: current status: current
description: An IPFIX Information Element which denotes that the description: An IPFIX Information Element which denotes that the
IPv4 Address of a MIB object will be exported. The IPv4 Address of a MIB object will be exported. The
MIB Object Identifier ("mibObjectIdentifier") for MIB Object Identifier ("mibObjectIdentifier") for
this field MUST be exported in a MIB Field Option this field MUST be exported in a MIB Field Option
or via another means. This Information Element is or via another means. This Information Element is
used for MIB objects with the Base Syntax of used for MIB objects with the Base Syntax of
IPaddress. The value is encoded as per the standard IPaddress. The value is encoded as per the standard
IPFIX Abstract Data Type of ipv4Address. IPFIX Abstract Data Type of ipv4Address.
7.161. mibObjectValueCounter 7.160. mibObjectValueCounter
elementId: TBD elementId: TBD
name: mibObjectValueCounter name: mibObjectValueCounter
dataType: unsigned64 dataType: unsigned64
status: current status: current
description: An IPFIX Information Element which denotes that the description: An IPFIX Information Element which denotes that the
counter value of a MIB object will be exported. counter value of a MIB object will be exported.
The MIB Object Identifier ("mibObjectIdentifier") The MIB Object Identifier ("mibObjectIdentifier")
for this field MUST be exported in a MIB Field for this field MUST be exported in a MIB Field
Option or via another means. This Information Option or via another means. This Information
Element is used for MIB objects with the Base Element is used for MIB objects with the Base
Syntax of Counter32 or Counter64 with IPFIX Reduced Syntax of Counter32 or Counter64 with IPFIX Reduced
Size Encoding used as required. The value is encoded Size Encoding used as required. The value is encoded
as per the standard IPFIX Abstract Data Type as per the standard IPFIX Abstract Data Type
of unsigned64. of unsigned64.
7.162. mibObjectValueGauge 7.161. mibObjectValueGauge
elementId: TBD elementId: TBD
name: mibObjectValueGauge name: mibObjectValueGauge
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: An IPFIX Information Element which denotes that the description: An IPFIX Information Element which denotes that the
Gauge value of a MIB object will be exported. The Gauge value of a MIB object will be exported. The
MIB Object Identifier ("mibObjectIdentifier") for MIB Object Identifier ("mibObjectIdentifier") for
this field MUST be exported in a MIB Field Option this field MUST be exported in a MIB Field Option
or via another means. This Information Element is or via another means. This Information Element is
used for MIB objects with the Base Syntax of Gauge32. used for MIB objects with the Base Syntax of Gauge32.
The value is encoded as per the standard IPFIX The value is encoded as per the standard IPFIX
Abstract Data Type of unsigned64. This value will Abstract Data Type of unsigned64. This value will
represent a non-negative integer, which may increase represent a non-negative integer, which may increase
or decrease, but shall never exceed a maximum or decrease, but shall never exceed a maximum
value, nor fall below a minimum value. value, nor fall below a minimum value.
7.163. mibObjectValueTimeTicks 7.162. mibObjectValueTimeTicks
elementId: TBD elementId: TBD
name: mibObjectValueTimeTicks name: mibObjectValueTimeTicks
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: An IPFIX Information Element which denotes that the description: An IPFIX Information Element which denotes that the
TimeTicks value of a MIB object will be exported. TimeTicks value of a MIB object will be exported.
The MIB Object Identifier ("mibObjectIdentifier") The MIB Object Identifier ("mibObjectIdentifier")
for this field MUST be exported in a MIB Field for this field MUST be exported in a MIB Field
Option or via another means. This Information Option or via another means. This Information
Element is used for MIB objects with the Base Element is used for MIB objects with the Base
Syntax of TimeTicks. The value is encoded as per Syntax of TimeTicks. The value is encoded as per
the standard IPFIX Abstract Data Type of unsigned32. the standard IPFIX Abstract Data Type of unsigned32.
7.164. mibObjectValueUnsigned 7.163. mibObjectValueUnsigned
elementId: TBD elementId: TBD
name: mibObjectValueUnsigned name: mibObjectValueUnsigned
dataType: unsigned64 dataType: unsigned64
status: current status: current
description: An IPFIX Information Element which denotes that an description: An IPFIX Information Element which denotes that an
unsigned integer value of a MIB object will be unsigned integer value of a MIB object will be
exported. The MIB Object Identifier exported. The MIB Object Identifier
("mibObjectIdentifier") for this field MUST be ("mibObjectIdentifier") for this field MUST be
exported in a MIB Field Option or via another means. exported in a MIB Field Option or via another means.
This Information Element is used for MIB objects This Information Element is used for MIB objects
with the Base Syntax of unsigned64 with IPFIX with the Base Syntax of unsigned64 with IPFIX
Reduced Size Encoding used as required. The value is Reduced Size Encoding used as required. The value is
encoded as per the standard IPFIX Abstract Data Type encoded as per the standard IPFIX Abstract Data Type
of unsigned64. of unsigned64.
7.165. mibObjectValueTable 7.164. mibObjectValueTable
elementId: TBD elementId: TBD
name: mibObjectValueTable name: mibObjectValueTable
dataType: orderedList dataType: orderedList
status: current status: current
description: An IPFIX Information Element which denotes that a description: An IPFIX Information Element which denotes that a
complete or partial conceptual table will be complete or partial conceptual table will be
exported. The MIB Object Identifier exported. The MIB Object Identifier
("mibObjectIdentifier") for this field MUST be ("mibObjectIdentifier") for this field MUST be
exported in a MIB Field Option or via another means. exported in a MIB Field Option or via another means.
This Information Element is used for MIB objects This Information Element is used for MIB objects
with a SYNTAX of SEQUENCE. This is encoded as a with a SYNTAX of SEQUENCE. This is encoded as a
subTemplateList of mibObjectValue Information subTemplateList of mibObjectValue Information
Elements. The template specified in the Elements. The template specified in the
subTemplateList MUST be an Options Template and subTemplateList MUST be an Options Template and
MUST include all the Objects listed in the INDEX MUST include all the Objects listed in the INDEX
clause as Scope Fields. clause as Scope Fields.
structure: orderedList(mibObjectValueRow+) structure: orderedList(mibObjectValueRow+)
7.166. mibObjectValueRow 7.165. mibObjectValueRow
elementId: TBD elementId: TBD
name: mibObjectValueRow name: mibObjectValueRow
dataType: orderedList dataType: orderedList
status: current status: current
description: An IPFIX Information Element which denotes that a description: An IPFIX Information Element which denotes that a
single row of a conceptual table will be exported. single row of a conceptual table will be exported.
The MIB Object Identifier ("mibObjectIdentifier") The MIB Object Identifier ("mibObjectIdentifier")
for this field MUST be exported in a MIB Field for this field MUST be exported in a MIB Field
Option or via another means. This Information Option or via another means. This Information
Element is used for MIB objects with a SYNTAX of Element is used for MIB objects with a SYNTAX of
SEQUENCE. This is encoded as a subTemplateList of SEQUENCE. This is encoded as a subTemplateList of
mibObjectValue Information Elements. The mibObjectValue Information Elements. The
subTemplateList exported MUST contain exactly one subTemplateList exported MUST contain exactly one
row (i.e., one instance of the subtemplate). The row (i.e., one instance of the subtemplate). The
template specified in the subTemplateList MUST be template specified in the subTemplateList MUST be
an Options Template and MUST include all the an Options Template and MUST include all the
Objects listed in the INDEX clause as Scope Fields. Objects listed in the INDEX clause as Scope Fields.
structure: orderedList(mibObjectValue+) structure: orderedList(mibObjectValue+)
7.167. mibObjectIdentifier 7.166. mibObjectIdentifier
elementId: TBD elementId: TBD
name: mibObjectIdentifier name: mibObjectIdentifier
dataType: octetArray dataType: octetArray
status: current status: current
description: An IPFIX Information Element which denotes that a description: An IPFIX Information Element which denotes that a
MIB Object Identifier (MIB OID) is exported in the MIB Object Identifier (MIB OID) is exported in the
(Options) Template Record. The mibObjectIdentifier (Options) Template Record. The mibObjectIdentifier
Information Element contains the OID assigned to Information Element contains the OID assigned to
the MIB Object Type Definition encoded as the MIB Object Type Definition encoded as
ASN.1/BER [BER]. ASN.1/BER [BER].
7.168. mibSubIdentifier 7.167. mibSubIdentifier
elementId: TBD elementId: TBD
name: mibSubIdentifier name: mibSubIdentifier
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: A non-negative sub-identifier of an Object description: A non-negative sub-identifier of an Object
Identifier (OID). Identifier (OID).
7.169. mibIndexIndicator 7.168. mibIndexIndicator
elementId: TBD elementId: TBD
name: mibIndexIndicator name: mibIndexIndicator
dataType: unsigned64 dataType: unsigned64
status: current status: current
description: This set of bit fields is used for marking the description: This set of bit fields is used for marking the
Information Elements of a Data Record that serve as Information Elements of a Data Record that serve as
INDEX MIB objects for an indexed Columnar MIB INDEX MIB objects for an indexed Columnar MIB
object. Each bit represents an Information Element object. Each bit represents an Information Element
in the Data Record with the n-th bit representing in the Data Record with the n-th bit representing
the n-th Information Element. A bit set to value 1 the n-th Information Element. A bit set to value 1
skipping to change at page 74, line 32 skipping to change at page 74, line 32
Fields are among the first 64 Information Elements, Fields are among the first 64 Information Elements,
because the mibIndexIndicator only contains 64 bits. because the mibIndexIndicator only contains 64 bits.
If the Data Record contains less than 64 If the Data Record contains less than 64
Information Elements, then the extra bits in the Information Elements, then the extra bits in the
mibIndexIndicator for which no corresponding mibIndexIndicator for which no corresponding
Information Element exists MUST have the value 0, Information Element exists MUST have the value 0,
and must be disregarded by the Collector. This and must be disregarded by the Collector. This
Information Element may be exported with Information Element may be exported with
IPFIX Reduced Size Encoding. IPFIX Reduced Size Encoding.
7.170. mibCaptureTimeSemantics 7.169. mibCaptureTimeSemantics
elementId: TBD elementId: TBD
name: mibCaptureTimeSemantics name: mibCaptureTimeSemantics
dataType: unsigned8 dataType: unsigned8
status: current status: current
description: Indicates when in the lifetime of the flow the MIB description: Indicates when in the lifetime of the flow the MIB
value was retrieved from the MIB for a value was retrieved from the MIB for a
mibObjectIdentifier. This is used to indicate if mibObjectIdentifier. This is used to indicate if
the value exported was collected from the MIB the value exported was collected from the MIB
closer to flow creation or flow export time and closer to flow creation or flow export time and
will refer to the Timestamp fields included in the will refer to the Timestamp fields included in the
skipping to change at page 75, line 41 skipping to change at page 75, line 41
1. begin - The value for the MIB object is captured 1. begin - The value for the MIB object is captured
from the MIB when the Flow is first observed from the MIB when the Flow is first observed
2. end - The value for the MIB object is captured 2. end - The value for the MIB object is captured
from the MIB when the Flow ends from the MIB when the Flow ends
3. export - The value for the MIB object is 3. export - The value for the MIB object is
captured from the MIB at export time captured from the MIB at export time
4. average - The value for the MIB object is an 4. average - The value for the MIB object is an
average of multiple captures from the MIB over the average of multiple captures from the MIB over the
observed life of the Flow observed life of the Flow
7.171. mibContextEngineID 7.170. mibContextEngineID
elementId: TBD elementId: TBD
name: mibContextEngineID name: mibContextEngineID
dataType: octetArray dataType: octetArray
status: current status: current
description: A mibContextEngineID that specifies the SNMP engine description: A mibContextEngineID that specifies the SNMP engine
ID for a MIB field being exported over IPFIX. ID for a MIB field being exported over IPFIX.
Definition as per [RFC3411] section 3.3. Definition as per [RFC3411] section 3.3.
7.172. mibContextName 7.171. mibContextName
elementId: TBD elementId: TBD
name: mibContextName name: mibContextName
dataType: string dataType: string
status: current status: current
description: This Information Element denotes that a MIB Context description: This Information Element denotes that a MIB Context
Name is specified for a MIB field being exported Name is specified for a MIB field being exported
over IPFIX. Reference [RFC3411] section 3.3. over IPFIX. Reference [RFC3411] section 3.3.
7.173. mibObjectName 7.172. mibObjectName
elementId: TBD elementId: TBD
name: mibObjectName name: mibObjectName
dataType: string dataType: string
status: current status: current
description: The name (called a descriptor in [RFC2578] description: The name (called a descriptor in [RFC2578]
of an object type definition. of an object type definition.
7.174. mibObjectDescription 7.173. mibObjectDescription
elementId: TBD elementId: TBD
name: mibObjectDescription name: mibObjectDescription
dataType: string dataType: string
status: current status: current
description: The value of the DESCRIPTION clause of an MIB object description: The value of the DESCRIPTION clause of an MIB object
type definition. type definition.
7.175. mibObjectSyntax 7.174. mibObjectSyntax
elementId: TBD elementId: TBD
name: mibObjectSyntax name: mibObjectSyntax
dataType: string dataType: string
status: current status: current
description: The value of the SYNTAX clause of an MIB object type description: The value of the SYNTAX clause of an MIB object type
definition, which may include a Textual Convention definition, which may include a Textual Convention
or Subtyping. See [RFC2578]. or Subtyping. See [RFC2578].
7.176. mibModuleName 7.175. mibModuleName
elementId: TBD elementId: TBD
name: mibModuleName name: mibModuleName
dataType: string dataType: string
status: current status: current
description: The textual name of the MIB module that defines a MIB description: The textual name of the MIB module that defines a MIB
Object. Object.
7.177. interface 7.176. interface
elementId: TBD elementId: TBD
name: interface name: interface
dataType: list dataType: list
structure: list (interfaceName, hwAddress, inetAddr, netmask) structure: list (interfaceName, hwAddress, inetAddr, netmask)
status: current status: current
description: Represents an interface and its configuration description: Represents an interface and its configuration
options. options.
7.178. iflisteners 7.177. iflisteners
elementId: TBD elementId: TBD
name: iflisteners name: iflisteners
dataType: list dataType: list
structure: list (interfaceName, physicalProtocol, hwAddress, structure: list (interfaceName, physicalProtocol, hwAddress,
programName, pid, userId) programName, pid, userId)
status: current status: current
description: Stores the results of checking for applications that description: Stores the results of checking for applications that
are bound to an ethernet interface on the system. are bound to an ethernet interface on the system.
7.179. physicalProtocol 7.178. physicalProtocol
elementId: TBD elementId: TBD
name: physicalProtocol name: physicalProtocol
dataType: enumeration dataType: enumeration
structure: structure:
ETH_P_LOOP ; 0x1 ; Ethernet loopback packet. ETH_P_LOOP ; 0x1 ; Ethernet loopback packet.
ETH_P_PUP ; 0x2 ; Xerox PUP packet. ETH_P_PUP ; 0x2 ; Xerox PUP packet.
ETH_P_PUPAT ; 0x3 ; Xerox PUP Address Transport packet. ETH_P_PUPAT ; 0x3 ; Xerox PUP Address Transport packet.
ETH_P_IP ; 0x4 ; Internet protocol packet. ETH_P_IP ; 0x4 ; Internet protocol packet.
ETH_P_X25 ; 0x5 ; CCITT X.25 packet. ETH_P_X25 ; 0x5 ; CCITT X.25 packet.
skipping to change at page 78, line 41 skipping to change at page 78, line 41
ETH_P_IRDA ; 0x2F ; Linux-IrDA. ETH_P_IRDA ; 0x2F ; Linux-IrDA.
ETH_P_ECONET ; 0x30 ; Acorn Econet. ETH_P_ECONET ; 0x30 ; Acorn Econet.
ETH_P_HDLC ; 0x31 ; HDLC frames. ETH_P_HDLC ; 0x31 ; HDLC frames.
ETH_P_ARCNET ; 0x32 ; 1A for ArcNet. ETH_P_ARCNET ; 0x32 ; 1A for ArcNet.
; 0x33 ; The empty string value is permitted here ; 0x33 ; The empty string value is permitted here
to allow for detailed error reporting. to allow for detailed error reporting.
status: current status: current
description: The physical layer protocol used by the AF_PACKET description: The physical layer protocol used by the AF_PACKET
socket. socket.
7.180. hwAddress 7.179. hwAddress
elementId: TBD elementId: TBD
name: hwAddress name: hwAddress
dataType: string dataType: string
status: current status: current
description: The hardware address associated description: The hardware address associated
with the interface. with the interface.
7.181. programName 7.180. programName
elementId: TBD elementId: TBD
name: programName name: programName
dataType: string dataType: string
status: current status: current
description: The name of the communicating description: The name of the communicating
program. program.
7.182. userId 7.181. userId
elementId: TBD elementId: TBD
name: userId name: userId
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The numeric user id. description: The numeric user id.
7.183. inetlisteningserver 7.182. inetlisteningserver
elementId: TBD elementId: TBD
name: inetlisteningserver name: inetlisteningserver
dataType: list dataType: list
structure: list (transportProtocol, localAddress, structure: list (transportProtocol, localAddress,
localPort, localFullAddress, programName, foreignAddress, localPort, localFullAddress, programName, foreignAddress,
foreignPort, foreignFullAddress, pid, userId) foreignPort, foreignFullAddress, pid, userId)
status: current status: current
description: Stores the results of checking for network servers description: Stores the results of checking for network servers
currently active on a system. It holds information pertaining to currently active on a system. It holds information pertaining to
a specific protocol-address-port combination. a specific protocol-address-port combination.
7.184. transportProtocol 7.183. transportProtocol
elementId: TBD elementId: TBD
name: transportProtocol name: transportProtocol
dataType: string dataType: string
status: current status: current
description: The transport-layer description: The transport-layer
protocol (tcp or udp). protocol (tcp or udp).
7.185. localAddress 7.184. localAddress
elementId: TBD elementId: TBD
name: localAddress name: localAddress
dataType: ipAddress dataType: ipAddress
status: current status: current
description: This is the IP address being listened to. Note that description: This is the IP address being listened to. Note that
the IP address can be IPv4 or IPv6. the IP address can be IPv4 or IPv6.
7.186. localPort 7.185. localPort
elementId: TBD elementId: TBD
name: localPort name: localPort
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: This is the TCP or UDP port description: This is the TCP or UDP port
being listened to. being listened to.
7.187. localFullAddress 7.186. localFullAddress
elementId: TBD elementId: TBD
name: localFullAddress name: localFullAddress
dataType: string dataType: string
status: current status: current
description: The IP address and network port on which the program description: The IP address and network port on which the program
listens, including the local address and the local port. Note listens, including the local address and the local port. Note
that the IP address can be IPv4 or IPv6. that the IP address can be IPv4 or IPv6.
7.188. foreignAddress 7.187. foreignAddress
elementId: TBD elementId: TBD
name: foreignAddress name: foreignAddress
dataType: ipAddress dataType: ipAddress
status: current status: current
description: The IP address with which the program is description: The IP address with which the program is
communicating, or with which it will communicate. Note that the communicating, or with which it will communicate. Note that the
IP address can be IPv4 or IPv6. IP address can be IPv4 or IPv6.
7.189. foreignFullAddress 7.188. foreignFullAddress
elementId: TBD elementId: TBD
name: foreignFullAddress name: foreignFullAddress
dataType: ipAddress dataType: ipAddress
status: current status: current
description: The IP address and network port to which the program description: The IP address and network port to which the program
is communicating or will accept communications from, including is communicating or will accept communications from, including
the foreign address and foreign port. Note that the IP address the foreign address and foreign port. Note that the IP address
can be IPv4 or IPv6. can be IPv4 or IPv6.
7.190. selinuxboolean 7.189. selinuxboolean
elementId: TBD elementId: TBD
name: selinuxboolean name: selinuxboolean
dataType: list dataType: list
structure: list (selinuxName, currentStatus, structure: list (selinuxName, currentStatus,
pendingStatus) pendingStatus)
status: current status: current
description: Describes the current and pending status of a description: Describes the current and pending status of a
SELinux boolean. SELinux boolean.
7.191. selinuxName 7.190. selinuxName
elementId: TBD elementId: TBD
name: selinuxName name: selinuxName
dataType: string dataType: string
status: current status: current
description: The name of the SELinux description: The name of the SELinux
boolean. boolean.
7.192. currentStatus 7.191. currentStatus
elementId: TBD elementId: TBD
name: currentStatus name: currentStatus
dataType: boolean dataType: boolean
status: current status: current
description: Indicates current state of description: Indicates current state of
the specified SELinux boolean. the specified SELinux boolean.
7.193. pendingStatus 7.192. pendingStatus
elementId: TBD elementId: TBD
name: pendingStatus name: pendingStatus
dataType: boolean dataType: boolean
status: current status: current
description: Indicates the pending description: Indicates the pending
state of the specified SELinux boolean. state of the specified SELinux boolean.
7.194. selinuxsecuritycontext 7.193. selinuxsecuritycontext
elementId: TBD elementId: TBD
name: selinuxsecuritycontext name: selinuxsecuritycontext
dataType: list dataType: list
structure: list (filepath, path, filename, pid, structure: list (filepath, path, filename, pid,
username, role, domainType, lowSensitivity, lowCategory, username, role, domainType, lowSensitivity, lowCategory,
highSensitivity, highCategory, rawlowSensitivity, highSensitivity, highCategory, rawlowSensitivity,
rawlowCategory, rawhighSensitivity, rawhighCategory) rawlowCategory, rawhighSensitivity, rawhighCategory)
status: current status: current
description: Describes the SELinux security description: Describes the SELinux security
context of a file or process on the local system. context of a file or process on the local system.
7.195. filepath 7.194. filepath
elementId: TBD elementId: TBD
name: filepath name: filepath
dataType: string dataType: string
status: current status: current
description: Specifies the absolute path for a file on the description: Specifies the absolute path for a file on the
machine. A directory cannot be specified as a filepath. machine. A directory cannot be specified as a filepath.
7.196. path 7.195. path
elementId: TBD elementId: TBD
name: path name: path
dataType: string dataType: string
status: current status: current
description: Specifies the directory component of description: Specifies the directory component of
the absolute path to a file on the machine. the absolute path to a file on the machine.
7.197. filename 7.196. filename
elementId: TBD elementId: TBD
name: filename name: filename
dataType: string dataType: string
status: current status: current
description: The name of the file. description: The name of the file.
7.198. pid 7.197. pid
elementId: TBD elementId: TBD
name: pid name: pid
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The process ID of the description: The process ID of the
process. process.
7.199. role 7.198. role
elementId: TBD elementId: TBD
name: role name: role
dataType: string dataType: string
status: current status: current
description: Specifies the types that a process description: Specifies the types that a process
may transition to (domain transitions). may transition to (domain transitions).
7.200. domainType 7.199. domainType
elementId: TBD elementId: TBD
name: domainType name: domainType
dataType: string dataType: string
status: current status: current
description: Specifies the domain in which the file is accessible description: Specifies the domain in which the file is accessible
or the domain in which a process executes. or the domain in which a process executes.
7.201. lowSensitivity 7.200. lowSensitivity
elementId: TBD elementId: TBD
name: lowSensitivity name: lowSensitivity
dataType: string dataType: string
status: current status: current
description: Specifies the current sensitivity of a file or description: Specifies the current sensitivity of a file or
process. process.
7.202. lowCategory 7.201. lowCategory
elementId: TBD elementId: TBD
name: lowCategory name: lowCategory
dataType: string dataType: string
status: current status: current
description: Specifies the set of description: Specifies the set of
categories associated with the low sensitivity. categories associated with the low sensitivity.
7.203. highSensitivity 7.202. highSensitivity
elementId: TBD elementId: TBD
name: highSensitivity name: highSensitivity
dataType: string dataType: string
status: current status: current
description: Specifies the maximum description: Specifies the maximum
range for a file or the clearance for a process. range for a file or the clearance for a process.
7.204. highCategory 7.203. highCategory
elementId: TBD elementId: TBD
name: highCategory name: highCategory
dataType: string dataType: string
status: current status: current
description: Specifies the set of description: Specifies the set of
categories associated with the high sensitivity. categories associated with the high sensitivity.
7.205. rawlowSensitivity 7.204. rawlowSensitivity
elementId: TBD elementId: TBD
name: rawlowSensitivity name: rawlowSensitivity
dataType: string dataType: string
status: current status: current
description: Specifies the current sensitivity of a file or description: Specifies the current sensitivity of a file or
process but in its raw context. process but in its raw context.
7.206. rawlowCategory 7.205. rawlowCategory
elementId: TBD elementId: TBD
name: rawlowCategory name: rawlowCategory
dataType: string dataType: string
status: current status: current
description: Specifies the set of categories associated with the description: Specifies the set of categories associated with the
low sensitivity but in its raw context. low sensitivity but in its raw context.
7.207. rawhighSensitivity 7.206. rawhighSensitivity
elementId: TBD elementId: TBD
name: rawhighSensitivity name: rawhighSensitivity
dataType: string dataType: string
status: current status: current
description: Specifies the maximum range for a file or the description: Specifies the maximum range for a file or the
clearance for a process but in its raw context. clearance for a process but in its raw context.
7.208. rawhighCategory 7.207. rawhighCategory
elementId: TBD elementId: TBD
name: rawhighCategory name: rawhighCategory
dataType: string dataType: string
status: current status: current
description: Specifies the set of categories associated with the description: Specifies the set of categories associated with the
high sensitivity but in its raw context. high sensitivity but in its raw context.
7.209. systemdunitdependency 7.208. systemdunitdependency
elementId: TBD elementId: TBD
name: systemdunitdependency name: systemdunitdependency
dataType: list dataType: list
structure: list (unit, dependency) structure: list (unit, dependency)
status: current status: current
description: Stores the dependencies of the systemd description: Stores the dependencies of the systemd
unit. unit.
7.210. unit 7.209. unit
elementId: TBD elementId: TBD
name: unit name: unit
dataType: string dataType: string
status: current status: current
description: Refers to the full systemd unit name, which has a description: Refers to the full systemd unit name, which has a
form of "$name.$type". For example "cupsd.service". This name is form of "$name.$type". For example "cupsd.service". This name is
usually also the filename of the unit configuration file. usually also the filename of the unit configuration file.
7.211. dependency 7.210. dependency
elementId: TBD elementId: TBD
name: dependency name: dependency
dataType: string dataType: string
status: current status: current
description: Refers to the name of a unit that was confirmed to description: Refers to the name of a unit that was confirmed to
be a dependency of the given unit. be a dependency of the given unit.
7.212. systemdunitproperty 7.211. systemdunitproperty
elementId: TBD elementId: TBD
name: systemdunitproperty name: systemdunitproperty
dataType: list dataType: list
structure: list (unit, property, systemdunitValue) structure: list (unit, property, systemdunitValue)
status: current status: current
description: Stores the properties and values of a systemd unit. description: Stores the properties and values of a systemd unit.
7.213. property 7.212. property
elementId: TBD elementId: TBD
name: property name: property
dataType: string dataType: string
status: current status: current
description: The property associated with a description: The property associated with a
systemd unit. systemd unit.
7.214. systemdunitValue 7.213. systemdunitValue
elementId: TBD elementId: TBD
name: systemdunitValue name: systemdunitValue
dataType: string dataType: string
status: current status: current
description: The value of the property associated with a systemd description: The value of the property associated with a systemd
unit. Exactly one value shall be used for all property types unit. Exactly one value shall be used for all property types
except dbus arrays - each array element shall be represented by except dbus arrays - each array element shall be represented by
one value. one value.
7.215. file 7.214. file
elementId: TBD elementId: TBD
name: file name: file
dataType: list dataType: list
structure: list (filepath, path, filename, fileType, userId, structure: list (filepath, path, filename, fileType, userId,
aTime, cTime, mTime, size) aTime, cTime, mTime, size)
status: current status: current
description: The metadata associated with a file on the endpoint. description: The metadata associated with a file on the endpoint.
7.216. fileType 7.215. fileType
elementId: TBD elementId: TBD
name: fileType name: fileType
dataType: string dataType: string
status: current status: current
description: The file's type (e.g., regular file (regular), description: The file's type (e.g., regular file (regular),
directory, named pipe (fifo), symbolic link, socket or block directory, named pipe (fifo), symbolic link, socket or block
special.) special.)
7.217. groupId 7.216. groupId
elementId: TBD elementId: TBD
name: groupId name: groupId
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The group owner of the file, by description: The group owner of the file, by
group number. group number.
7.218. aTime 7.217. aTime
elementId: TBD elementId: TBD
name: aTime name: aTime
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The time that the file was last description: The time that the file was last
accessed. accessed.
7.219. cTime 7.218. cTime
elementId: TBD elementId: TBD
name: cTime name: cTime
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The time of the last change description: The time of the last change
to the file's inode. to the file's inode.
7.220. mTime 7.219. mTime
elementId: TBD elementId: TBD
name: mTime name: mTime
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The time of the last change to description: The time of the last change to
the file's contents. the file's contents.
7.221. size 7.220. size
elementId: TBD elementId: TBD
name: size name: size
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: This is the size of the file in description: This is the size of the file in
bytes. bytes.
7.222. suid 7.221. suid
elementId: TBD elementId: TBD
name: suid name: suid
dataType: boolean dataType: boolean
status: current status: current
description: Indicates whether the program runs with the uid description: Indicates whether the program runs with the uid
(thus privileges) of the file's owner, rather than the calling (thus privileges) of the file's owner, rather than the calling
user. user.
7.223. sgid 7.222. sgid
elementId: TBD elementId: TBD
name: sgid name: sgid
dataType: boolean dataType: boolean
status: current status: current
description: Indicates whether the program runs with the gid description: Indicates whether the program runs with the gid
(thus privileges) of the file's group owner, rather than the (thus privileges) of the file's group owner, rather than the
calling user's group. calling user's group.
7.224. sticky 7.223. sticky
elementId: TBD elementId: TBD
name: sticky name: sticky
dataType: boolean dataType: boolean
status: current status: current
description: Indicates whether users can delete each other's description: Indicates whether users can delete each other's
files in this directory, when said directory is writable by files in this directory, when said directory is writable by
those users. those users.
7.225. hasExtendedAcl 7.224. hasExtendedAcl
elementId: TBD elementId: TBD
name: hasExtendedAcl name: hasExtendedAcl
dataType: boolean dataType: boolean
status: current status: current
description: Indicates whether the file or directory hasACL description: Indicates whether the file or directory hasACL
permissions applied to it. If a system supports ACLs and the permissions applied to it. If a system supports ACLs and the
file or directory doesn't have an ACL, or it matches the standard file or directory doesn't have an ACL, or it matches the standard
UNIX permissions, the entity will have a status of 'exists' and UNIX permissions, the entity will have a status of 'exists' and
a value of 'false'. If the system supports ACLs and the file or a value of 'false'. If the system supports ACLs and the file or
directory has an ACL, the entity will have a status of 'exists' directory has an ACL, the entity will have a status of 'exists'
and a value of 'true'. Lastly, if a system doesn't support ACLs, and a value of 'true'. Lastly, if a system doesn't support ACLs,
the entity will have a status of 'does not exist'. the entity will have a status of 'does not exist'.
7.226. inetd 7.225. inetd
elementId: TBD elementId: TBD
name: inetd name: inetd
dataType: list dataType: list
structure: list (serviceProtocol, serviceName, serverProgram, structure: list (serviceProtocol, serviceName, serverProgram,
serverArguments, endpointType, execAsUser, waitStatus) serverArguments, endpointType, execAsUser, waitStatus)
status: current status: current
description: Holds information associated description: Holds information associated
with different Internet services. with different Internet services.
7.227. serverProgram 7.226. serverProgram
elementId: TBD elementId: TBD
name: serverProgram name: serverProgram
dataType: string dataType: string
status: current status: current
description: Either the pathname of a server program to be description: Either the pathname of a server program to be
invoked by inetd to perform the requested service, or the value invoked by inetd to perform the requested service, or the value
internal if inetd itself provides the service. internal if inetd itself provides the service.
7.228. endpointType 7.227. endpointType
elementId: TBD elementId: TBD
name: endpointType name: endpointType
dataType: enumeration dataType: enumeration
structure: structure:
stream ; 0x1 ; The stream value is used to describe a stream stream ; 0x1 ; The stream value is used to describe a stream
socket. socket.
dgram ; 0x2 ; The dgram value is used to describe a datagram dgram ; 0x2 ; The dgram value is used to describe a datagram
socket. socket.
raw ; 0x3 ; The raw value is used to describe a raw socket. raw ; 0x3 ; The raw value is used to describe a raw socket.
seqpacket ; 0x4 ; The seqpacket value is used to describe a seqpacket ; 0x4 ; The seqpacket value is used to describe a
skipping to change at page 89, line 26 skipping to change at page 89, line 26
sunrpc_tcp ; 0x6 ; The sunrpc_tcp value is used to describe all sunrpc_tcp ; 0x6 ; The sunrpc_tcp value is used to describe all
SUNRPC TCP endpoints. SUNRPC TCP endpoints.
sunrpc_udp ; 0x7 ; The sunrpc_udp value is used to describe all sunrpc_udp ; 0x7 ; The sunrpc_udp value is used to describe all
SUNRPC UDP endpoints. SUNRPC UDP endpoints.
; 0x8 ; The empty string value is permitted here to allow for ; 0x8 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: The endpoint type (aka, socket type) associated with description: The endpoint type (aka, socket type) associated with
the service. the service.
7.229. execAsUser 7.228. execAsUser
elementId: TBD elementId: TBD
name: execAsUser name: execAsUser
dataType: string dataType: string
status: current status: current
description: The user id of the user the description: The user id of the user the
server program should run under. server program should run under.
7.230. waitStatus 7.229. waitStatus
elementId: TBD elementId: TBD
name: waitStatus name: waitStatus
dataType: enumeration dataType: enumeration
structure: wait ; 0x1 ; The value of 'wait' specifies that the structure: wait ; 0x1 ; The value of 'wait' specifies that the
server that is invoked by inetd will take over the listening server that is invoked by inetd will take over the listening
socket associated with the service, and once launched, inetd will socket associated with the service, and once launched, inetd will
wait for that server to exit, if ever, before it resumes wait for that server to exit, if ever, before it resumes
listening for new service requests. listening for new service requests.
nowait ; 0x2 ; The value of 'nowait' specifies that the server nowait ; 0x2 ; The value of 'nowait' specifies that the server
skipping to change at page 90, line 27 skipping to change at page 90, line 27
; 0x3 ; The empty string value is permitted here to allow for ; 0x3 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Specifies whether the server that is invoked by description: Specifies whether the server that is invoked by
inetd will take over the listening socket associated with the inetd will take over the listening socket associated with the
service, and whether once launched, inetd will wait for that service, and whether once launched, inetd will wait for that
server to exit, if ever, before it resumes listening for new server to exit, if ever, before it resumes listening for new
service requests. The legal values are "wait" or "nowait". service requests. The legal values are "wait" or "nowait".
7.231. inetAddr 7.230. inetAddr
elementId: TBD elementId: TBD
name: inetAddr name: inetAddr
dataType: ipAddress dataType: ipAddress
status: current status: current
description: The IP address of the specific interface. Note that description: The IP address of the specific interface. Note that
the IP address can be IPv4 or IPv6. the IP address can be IPv4 or IPv6.
7.232. netmask 7.231. netmask
elementId: TBD elementId: TBD
name: netmask name: netmask
dataType: ipAddress dataType: ipAddress
status: current status: current
description: The bitmask used to calculate description: The bitmask used to calculate
the interface's IP network. the interface's IP network.
7.233. passwordInfo 7.232. passwordInfo
elementId: TBD elementId: TBD
name: passwordInfo name: passwordInfo
dataType: list dataType: list
structure: list (username, password, userId, groupId, gcos, structure: list (username, password, userId, groupId, gcos,
homeDir, loginShell, lastLogin) homeDir, loginShell, lastLogin)
status: current status: current
description: Describes user account information for a description: Describes user account information for a
system. system.
7.234. username 7.233. username
elementId: TBD elementId: TBD
name: username name: username
dataType: string dataType: string
status: current status: current
description: The name of the user. description: The name of the user.
7.235. password 7.234. password
elementId: TBD elementId: TBD
name: password name: password
dataType: string dataType: string
status: current status: current
description: The encrypted version of the description: The encrypted version of the
user's password. user's password.
7.236. gcos 7.235. gcos
elementId: TBD elementId: TBD
name: gcos name: gcos
dataType: string dataType: string
status: current status: current
description: description:
7.237. homeDir 7.236. homeDir
elementId: TBD elementId: TBD
name: homeDir name: homeDir
dataType: string dataType: string
status: current status: current
description: The user's home description: The user's home
directory. directory.
7.238. loginShell 7.237. loginShell
elementId: TBD elementId: TBD
name: loginShell name: loginShell
dataType: string dataType: string
status: current status: current
description: The user's shell description: The user's shell
program. program.
7.239. lastLogin 7.238. lastLogin
elementId: TBD elementId: TBD
name: lastLogin name: lastLogin
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The date and time when the description: The date and time when the
last login occurred. last login occurred.
7.240. process 7.239. process
elementId: TBD elementId: TBD
name: process name: process
dataType: list dataType: list
structure: list (commandLine, pid, ppid, priority, startTime) structure: list (commandLine, pid, ppid, priority, startTime)
status: current status: current
description: Information about a process running on an endpoint. description: Information about a process running on an endpoint.
7.241. commandLine 7.240. commandLine
elementId: TBD elementId: TBD
name: commandLine name: commandLine
dataType: string dataType: string
status: current status: current
description: The string used to start the description: The string used to start the
process. This includes any parameters that are part of the process. This includes any parameters that are part of the
command line. command line.
7.242. ppid 7.241. ppid
elementId: TBD elementId: TBD
name: ppid name: ppid
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The process ID of the process's description: The process ID of the process's
parent process. parent process.
7.243. priority 7.242. priority
elementId: TBD elementId: TBD
name: priority name: priority
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The scheduling priority with description: The scheduling priority with
which the process runs. which the process runs.
7.244. startTime 7.243. startTime
elementId: TBD elementId: TBD
name: startTime name: startTime
dataType: string dataType: string
status: current status: current
description: The time of day the process description: The time of day the process
started. started.
7.245. routingtable 7.244. routingtable
elementId: TBD elementId: TBD
name: routingtable name: routingtable
dataType: list dataType: list
structure: list (destination, gateway, flags, structure: list (destination, gateway, flags,
interfaceName) interfaceName)
status: current status: current
description: Holds information about an individual routing table description: Holds information about an individual routing table
entry found in a system's primary routing table. entry found in a system's primary routing table.
7.246. destination 7.245. destination
elementId: TBD elementId: TBD
name: destination name: destination
dataType: ipAddress dataType: ipAddress
status: current status: current
description: The destination IP address description: The destination IP address
prefix of the routing table entry. prefix of the routing table entry.
7.247. gateway 7.246. gateway
elementId: TBD elementId: TBD
name: gateway name: gateway
dataType: ipAddress dataType: ipAddress
status: current status: current
description: The gateway of the specified description: The gateway of the specified
routing table entry. routing table entry.
7.248. runlevelInfo 7.247. runlevelInfo
elementId: TBD elementId: TBD
name: runlevelInfo name: runlevelInfo
dataType: list dataType: list
structure: list (serviceName, runlevel, start, kill) structure: list (serviceName, runlevel, start, kill)
status: current status: current
description: Information about the start or kill state of a description: Information about the start or kill state of a
specified service at a given runlevel. specified service at a given runlevel.
7.249. runlevel 7.248. runlevel
elementId: TBD elementId: TBD
name: runlevel name: runlevel
dataType: string dataType: string
status: current status: current
description: Specifies the system runlevel description: Specifies the system runlevel
associated with a service. associated with a service.
7.250. start 7.249. start
elementId: TBD elementId: TBD
name: start name: start
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether the service is description: Specifies whether the service is
scheduled to start at the runlevel. scheduled to start at the runlevel.
7.251. kill 7.250. kill
elementId: TBD elementId: TBD
name: kill name: kill
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether the service is description: Specifies whether the service is
scheduled to be killed at the runlevel. scheduled to be killed at the runlevel.
7.252. shadowItem 7.251. shadowItem
elementId: TBD elementId: TBD
name: shadowItem name: shadowItem
dataType: list dataType: list
structure: list (username, password, chgLst, chgAllow, structure: list (username, password, chgLst, chgAllow,
chgReq, expWarn, expInact, expDate, flags, encryptMethod) chgReq, expWarn, expInact, expDate, flags, encryptMethod)
status: current status: current
description: description:
7.253. chgLst 7.252. chgLst
elementId: TBD elementId: TBD
name: chgLst name: chgLst
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: The date of the last password description: The date of the last password
change. change.
7.254. chgAllow 7.253. chgAllow
elementId: TBD elementId: TBD
name: chgAllow name: chgAllow
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies how often in days a description: Specifies how often in days a
user may change their password. It can also be thought of user may change their password. It can also be thought of
as the minimum age of a password. as the minimum age of a password.
7.255. chgReq 7.254. chgReq
elementId: TBD elementId: TBD
name: chgReq name: chgReq
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Describes how long a user can description: Describes how long a user can
keep a password before the system forces her to change it. keep a password before the system forces her to change it.
7.256. expWarn 7.255. expWarn
elementId: TBD elementId: TBD
name: expWarn name: expWarn
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Describes how long before description: Describes how long before
password expiration the system begins warning the user. password expiration the system begins warning the user.
7.257. expInact 7.256. expInact
elementId: TBD elementId: TBD
name: expInact name: expInact
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Describes how many days of description: Describes how many days of
account inactivity the system will wait after a password account inactivity the system will wait after a password
expires before locking the account. expires before locking the account.
7.258. expDate 7.257. expDate
elementId: TBD elementId: TBD
name: expDate name: expDate
dataType: dateTimeSeconds dataType: dateTimeSeconds
status: current status: current
description: Specifies when will the description: Specifies when will the
account's password expire. account's password expire.
7.259. encryptMethod 7.258. encryptMethod
elementId: TBD elementId: TBD
name: encryptMethod name: encryptMethod
dataType: enumeration dataType: enumeration
structure: DES ; 0x1 ; The DES method corresponds to the (none) structure: DES ; 0x1 ; The DES method corresponds to the (none)
prefix. prefix.
BSDi ; 0x2 ; The BSDi method corresponds to BSDi modified BSDi ; 0x2 ; The BSDi method corresponds to BSDi modified
DES or the '_' prefix. DES or the '_' prefix.
MD5 ; 0x3 ; The MD5 method corresponds to MD5 for Linux/BSD MD5 ; 0x3 ; The MD5 method corresponds to MD5 for Linux/BSD
or the $1$ prefix. or the $1$ prefix.
skipping to change at page 96, line 38 skipping to change at page 96, line 38
prefix. prefix.
SHA-256 ; 0x6 ; The SHA-256 method corresponds to the $5$ SHA-256 ; 0x6 ; The SHA-256 method corresponds to the $5$
prefix. prefix.
SHA-512 ; 0x7 ; The SHA-512 method corresponds to the $6$ SHA-512 ; 0x7 ; The SHA-512 method corresponds to the $6$
prefix. ; 0x8 ; The empty string value is permitted here to prefix. ; 0x8 ; The empty string value is permitted here to
allow for empty elements associated with variable references. allow for empty elements associated with variable references.
status: current status: current
description: Describes method that is used for hashing description: Describes method that is used for hashing
passwords. passwords.
7.260. symlink 7.259. symlink
elementId: TBD elementId: TBD
name: symlink name: symlink
dataType: list dataType: list
structure: list (symlinkFilepath, canonicalPath) structure: list (symlinkFilepath, canonicalPath)
status: current status: current
description: Identifies the result generated for a symlink. description: Identifies the result generated for a symlink.
7.261. symlinkFilepath 7.260. symlinkFilepath
elementId: TBD elementId: TBD
name: symlinkFilepath name: symlinkFilepath
dataType: string dataType: string
status: current status: current
description: Specifies the filepath to description: Specifies the filepath to
the subject symbolic link file. the subject symbolic link file.
7.262. canonicalPath 7.261. canonicalPath
elementId: TBD elementId: TBD
name: canonicalPath name: canonicalPath
dataType: string dataType: string
status: current status: current
description: Specifies the canonical description: Specifies the canonical
path for the target of the symbolic link file specified by path for the target of the symbolic link file specified by
the filepath. the filepath.
7.263. sysctl 7.262. sysctl
elementId: TBD elementId: TBD
name: sysctl name: sysctl
dataType: list dataType: list
structure: list (kernelParameterName, kernelParameterValue+, structure: list (kernelParameterName, kernelParameterValue+,
uname, machineClass, nodeName, osName, osRelease, uname, machineClass, nodeName, osName, osRelease,
osVersion, processorType) osVersion, processorType)
status: current status: current
description: Stores description: Stores
information retrieved from the local system about a kernel information retrieved from the local system about a kernel
parameter and its respective value(s). parameter and its respective value(s).
7.264. kernelParameterName 7.263. kernelParameterName
elementId: TBD elementId: TBD
name: kernelParameterName name: kernelParameterName
dataType: string dataType: string
status: current status: current
description: The name of a kernel description: The name of a kernel
parameter that was collected from the local system. parameter that was collected from the local system.
7.265. kernelParameterValue 7.264. kernelParameterValue
elementId: TBD elementId: TBD
name: kernelParameterValue name: kernelParameterValue
dataType: string dataType: string
status: current status: current
description: The current value(s) description: The current value(s)
for the specified kernel parameter on the local system. for the specified kernel parameter on the local system.
7.266. uname 7.265. uname
elementId: TBD elementId: TBD
name: uname name: uname
dataType: list dataType: list
structure: list (machineClass, nodeName, osName, osRelease, structure: list (machineClass, nodeName, osName, osRelease,
osVersion, processorType) osVersion, processorType)
status: current status: current
description: Information about the hardware the machine is running description: Information about the hardware the machine is running
on. on.
7.267. machineClass 7.266. machineClass
elementId: TBD elementId: TBD
name: machineClass name: machineClass
dataType: string dataType: string
status: current status: current
description: Specifies the machine description: Specifies the machine
hardware name. hardware name.
7.268. nodeName 7.267. nodeName
elementId: TBD elementId: TBD
name: nodeName name: nodeName
dataType: string dataType: string
status: current status: current
description: Specifies the host description: Specifies the host
name. name.
7.269. osName 7.268. osName
elementId: TBD elementId: TBD
name: osName name: osName
dataType: string dataType: string
status: current status: current
description: Specifies the operating system description: Specifies the operating system
name. name.
7.270. osRelease 7.269. osRelease
elementId: TBD elementId: TBD
name: osRelease name: osRelease
dataType: string dataType: string
status: current status: current
description: Specifies the build description: Specifies the build
version. version.
7.271. processorType 7.270. processorType
elementId: TBD elementId: TBD
name: processorType name: processorType
dataType: string dataType: string
status: current status: current
description: Specifies the processor description: Specifies the processor
type. type.
7.272. internetService 7.271. internetService
elementId: TBD elementId: TBD
name: internetService name: internetService
dataType: list dataType: list
structure: list (serviceProtocol, serviceName, flags, structure: list (serviceProtocol, serviceName, flags,
noAccess, onlyFrom, port, server, serverArguments, noAccess, onlyFrom, port, server, serverArguments,
socketType, registeredServiceType, user, wait, disabled) socketType, registeredServiceType, user, wait, disabled)
status: current status: current
description: Holds information associated with Internet services. description: Holds information associated with Internet services.
7.273. serviceProtocol 7.272. serviceProtocol
elementId: TBD elementId: TBD
name: serviceProtocol name: serviceProtocol
dataType: string dataType: string
status: current status: current
description: Specifies the protocol description: Specifies the protocol
that is used by the service. that is used by the service.
7.274. serviceName 7.273. serviceName
elementId: TBD elementId: TBD
name: serviceName name: serviceName
dataType: string dataType: string
status: current status: current
description: Specifies the name of the description: Specifies the name of the
service. service.
7.275. flags 7.274. flags
elementId: TBD elementId: TBD
name: flags name: flags
dataType: string dataType: string
status: current status: current
description: Specifies miscellaneous settings description: Specifies miscellaneous settings
associated with the service with executing a program. associated with the service with executing a program.
7.276. noAccess 7.275. noAccess
elementId: TBD elementId: TBD
name: noAccess name: noAccess
dataType: string dataType: string
status: current status: current
description: Specifies the remote hosts to description: Specifies the remote hosts to
which the service is unavailable. which the service is unavailable.
7.277. onlyFrom 7.276. onlyFrom
elementId: TBD elementId: TBD
name: onlyFrom name: onlyFrom
dataType: ipAddress dataType: ipAddress
status: current status: current
description: Specifies the remote hosts to description: Specifies the remote hosts to
which the service is available. which the service is available.
7.278. port 7.277. port
elementId: TBD elementId: TBD
name: port name: port
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The port entity specifies the port description: The port entity specifies the port
used by the service. used by the service.
7.279. server 7.278. server
elementId: TBD elementId: TBD
name: server name: server
dataType: string dataType: string
status: current status: current
description: Specifies the executable that is description: Specifies the executable that is
used to launch the service. used to launch the service.
7.280. serverArguments 7.279. serverArguments
elementId: TBD elementId: TBD
name: serverArguments name: serverArguments
dataType: string dataType: string
status: current status: current
description: Specifies the arguments description: Specifies the arguments
that are passed to the executable when launching the service. that are passed to the executable when launching the service.
7.281. socketType 7.280. socketType
elementId: TBD elementId: TBD
name: socketType name: socketType
dataType: string dataType: string
status: current status: current
description: Specifies the type of socket description: Specifies the type of socket
that is used by the service. Possible values include: stream, that is used by the service. Possible values include: stream,
dgram, raw, or seqpacket. dgram, raw, or seqpacket.
7.282. registeredServiceType 7.281. registeredServiceType
elementId: TBD elementId: TBD
name: registeredServiceType name: registeredServiceType
dataType: enumeration dataType: enumeration
structure: INTERNAL ; 0x1 ; The INTERNAL type is used to describe structure: INTERNAL ; 0x1 ; The INTERNAL type is used to describe
services like echo, chargen, and others whose functionality is services like echo, chargen, and others whose functionality is
supplied by xinetd itself. supplied by xinetd itself.
RPC ; 0x2 ; The RPC type is used to describe services that RPC ; 0x2 ; The RPC type is used to describe services that
use remote procedure call ala NFS. use remote procedure call ala NFS.
UNLISTED ; 0x3 ; The UNLISTED type is used to describe UNLISTED ; 0x3 ; The UNLISTED type is used to describe
skipping to change at page 101, line 40 skipping to change at page 101, line 40
TCPMUXPLUS ; 0x5 ; The TCPMUXPLUS type is used to describe TCPMUXPLUS ; 0x5 ; The TCPMUXPLUS type is used to describe
services that conform to RFC 1078. This type indicates that services that conform to RFC 1078. This type indicates that
xinetd is responsible for handling the protocol xinetd is responsible for handling the protocol
handshake. handshake.
; 0x6 ; The empty string value is permitted here to allow ; 0x6 ; The empty string value is permitted here to allow
for detailed error reporting. for detailed error reporting.
status: current status: current
description: Specifies the type of internet service. description: Specifies the type of internet service.
7.283. wait 7.282. wait
elementId: TBD elementId: TBD
name: wait name: wait
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not the service is single-threaded description: Specifies whether or not the service is single-threaded
or multi-threaded and whether or not xinetd accepts the connection or multi-threaded and whether or not xinetd accepts the connection
or the service accepts the connection. A value of 'true' indicates or the service accepts the connection. A value of 'true' indicates
that the service is single-threaded and the service will accept the that the service is single-threaded and the service will accept the
connection. A value of 'false' indicates that the service is multi- connection. A value of 'false' indicates that the service is multi-
threaded and xinetd will accept the connection. threaded and xinetd will accept the connection.
7.284. disabled 7.283. disabled
elementId: TBD elementId: TBD
name: disabled name: disabled
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not the description: Specifies whether or not the
service is disabled. A value of 'true' indicates that the service is disabled. A value of 'true' indicates that the
service is disabled and will not start. A value of service is disabled and will not start. A value of
'false' indicates that the service is not disabled. 'false' indicates that the service is not disabled.
7.285. windowsView 7.284. windowsView
elementId: TBD elementId: TBD
name: windowsView name: windowsView
dataType: enumeration dataType: enumeration
structure: 32_bit ; 0x1 ; Indicates the 32_bit windows view. structure: 32_bit ; 0x1 ; Indicates the 32_bit windows view.
64_bit ; 0x2 ; Indicates the 64_bit windows view. 64_bit ; 0x2 ; Indicates the 64_bit windows view.
; 0x3 ; The empty string value is permitted here to allow for ; 0x3 ; The empty string value is permitted here to allow for
empty elements associated with error conditions. empty elements associated with error conditions.
status: current status: current
description: Indicates from which description: Indicates from which
view (32-bit or 64-bit), the information was collected. view (32-bit or 64-bit), the information was collected.
A value of '32_bit' indicates the Item was collected from A value of '32_bit' indicates the Item was collected from
the 32-bit view. A value of '64-bit' indicates the Item the 32-bit view. A value of '64-bit' indicates the Item
was collected from the 64-bit view. was collected from the 64-bit view.
7.286. fileauditedpermissions 7.285. fileauditedpermissions
elementId: TBD elementId: TBD
name: fileauditedpermissions name: fileauditedpermissions
dataType: list dataType: list
structure: list (filepath, path, filename, structure: list (filepath, path, filename,
trusteeSid, trusteeName, auditStandardDelete, trusteeSid, trusteeName, auditStandardDelete,
auditStandardReadControl, auditStandardWriteDac, auditStandardReadControl, auditStandardWriteDac,
auditStandardWriteOwner, auditStandardSynchronize, auditStandardWriteOwner, auditStandardSynchronize,
auditAccessSystemSecurity, auditGenericRead, auditGenericWrite, auditAccessSystemSecurity, auditGenericRead, auditGenericWrite,
auditGenericExecute, auditGenericAll, auditFileReadData, auditGenericExecute, auditGenericAll, auditFileReadData,
auditFileWriteData, auditFileAppendData, auditFileReadEa, auditFileWriteData, auditFileAppendData, auditFileReadEa,
auditFileWriteEa, auditFileExecute, auditFileDeleteChild, auditFileWriteEa, auditFileExecute, auditFileDeleteChild,
auditFileReadAttributes, auditFileWriteAttributes, auditFileReadAttributes, auditFileWriteAttributes,
windowsView) windowsView)
status: current status: current
description: Stores the audited access rights of a file that a description: Stores the audited access rights of a file that a
system access control list (SACL) structure grants to a specified system access control list (SACL) structure grants to a specified
trustee. The trustee's audited access rights are determined checking trustee. The trustee's audited access rights are determined checking
all access control entries (ACEs) in the SACL. all access control entries (ACEs) in the SACL.
7.287. trusteeName 7.286. trusteeName
elementId: TBD elementId: TBD
name: trusteeName name: trusteeName
dataType: string dataType: string
status: current status: current
description: Specifies the trustee name. A description: Specifies the trustee name. A
trustee can be a user, group, or program (such as a Windows trustee can be a user, group, or program (such as a Windows
service). service).
7.288. auditStandardDelete 7.287. auditStandardDelete
elementId: TBD elementId: TBD
name: auditStandardDelete name: auditStandardDelete
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: The right to delete the object. description: The right to delete the object.
7.289. auditStandardReadControl 7.288. auditStandardReadControl
elementId: TBD elementId: TBD
name: auditStandardReadControl name: auditStandardReadControl
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: The right to read the information in the object's description: The right to read the information in the object's
security descriptor, not including the information in the SACL. security descriptor, not including the information in the SACL.
7.290. auditStandardWriteDac 7.289. auditStandardWriteDac
elementId: TBD elementId: TBD
name: auditStandardWriteDac name: auditStandardWriteDac
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
skipping to change at page 104, line 46 skipping to change at page 104, line 46
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: The right to modify the DACL in the object's security description: The right to modify the DACL in the object's security
descriptor. descriptor.
7.291. auditStandardWriteOwner 7.290. auditStandardWriteOwner
elementId: TBD elementId: TBD
name: auditStandardWriteOwner name: auditStandardWriteOwner
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: The right to change the owner in the object's security description: The right to change the owner in the object's security
descriptor. descriptor.
7.292. auditStandardSynchronize 7.291. auditStandardSynchronize
elementId: TBD elementId: TBD
name: auditStandardSynchronize name: auditStandardSynchronize
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
skipping to change at page 105, line 47 skipping to change at page 105, line 47
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: The right to use the object for synchronization. description: The right to use the object for synchronization.
This enables a thread to wait until the object is in the signaled This enables a thread to wait until the object is in the signaled
state. Some object types do not support this access right. state. Some object types do not support this access right.
7.293. auditAccessSystemSecurity 7.292. auditAccessSystemSecurity
elementId: TBD elementId: TBD
name: auditAccessSystemSecurity name: auditAccessSystemSecurity
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Indicates access to a system access control list (SACL). description: Indicates access to a system access control list (SACL).
7.294. auditGenericRead 7.293. auditGenericRead
elementId: TBD elementId: TBD
name: auditGenericRead name: auditGenericRead
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Read access. description: Read access.
7.295. auditGenericWrite 7.294. auditGenericWrite
elementId: TBD elementId: TBD
name: auditGenericWrite name: auditGenericWrite
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Write access. description: Write access.
7.296. auditGenericExecute 7.295. auditGenericExecute
elementId: TBD elementId: TBD
name: auditGenericExecute name: auditGenericExecute
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Execute access. description: Execute access.
7.297. auditGenericAll 7.296. auditGenericAll
elementId: TBD elementId: TBD
name: auditGenericAll name: auditGenericAll
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Read, write, and execute access. description: Read, write, and execute access.
7.298. auditFileReadData 7.297. auditFileReadData
elementId: TBD elementId: TBD
name: auditFileReadData name: auditFileReadData
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to read data from the file. description: Grants the right to read data from the file.
7.299. auditFileWriteData 7.298. auditFileWriteData
elementId: TBD elementId: TBD
name: auditFileWriteData name: auditFileWriteData
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to write data to the file. description: Grants the right to write data to the file.
7.300. auditFileAppendData 7.299. auditFileAppendData
elementId: TBD elementId: TBD
name: auditFileAppendData name: auditFileAppendData
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to append data to the file. description: Grants the right to append data to the file.
7.301. auditFileReadEa 7.300. auditFileReadEa
elementId: TBD elementId: TBD
name: auditFileReadEa name: auditFileReadEa
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to read extended attributes. description: Grants the right to read extended attributes.
7.302. auditFileWriteEa 7.301. auditFileWriteEa
elementId: TBD elementId: TBD
name: auditFileWriteEa name: auditFileWriteEa
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to write extended attributes. description: Grants the right to write extended attributes.
7.303. auditFileExecute 7.302. auditFileExecute
elementId: TBD elementId: TBD
name: auditFileExecute name: auditFileExecute
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to execute a file. description: Grants the right to execute a file.
7.304. auditFileDeleteChild 7.303. auditFileDeleteChild
elementId: TBD elementId: TBD
name: auditFileDeleteChild name: auditFileDeleteChild
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
skipping to change at page 111, line 45 skipping to change at page 111, line 45
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Right to delete a directory and all the files it description: Right to delete a directory and all the files it
contains (its children), even if the files are read-only. contains (its children), even if the files are read-only.
7.305. auditFileReadAttributes 7.304. auditFileReadAttributes
elementId: TBD elementId: TBD
name: auditFileReadAttributes name: auditFileReadAttributes
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to read file attributes. description: Grants the right to read file attributes.
7.306. auditFileWriteAttributes 7.305. auditFileWriteAttributes
elementId: TBD elementId: TBD
name: auditFileWriteAttributes name: auditFileWriteAttributes
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: Grants the right to change file attributes. description: Grants the right to change file attributes.
7.307. fileeffectiverights 7.306. fileeffectiverights
elementId: TBD elementId: TBD
name: fileeffectiverights name: fileeffectiverights
dataType: list dataType: list
structure: list (filepath, path, filename, structure: list (filepath, path, filename,
trusteeSid, trusteeName, standardDelete, standardReadControl, trusteeSid, trusteeName, standardDelete, standardReadControl,
standardWriteDac, standardWriteOwner, standardWriteDac, standardWriteOwner,
standardSynchronize, accessSystemSecurity, genericRead, standardSynchronize, accessSystemSecurity, genericRead,
genericWrite, genericExecute, genericAll, fileReadData, genericWrite, genericExecute, genericAll, fileReadData,
fileWriteData, fileAppendData, fileReadEa, fileWriteEa, fileWriteData, fileAppendData, fileReadEa, fileWriteEa,
fileExecute, fileDeleteChild, fileReadAttributes, fileExecute, fileDeleteChild, fileReadAttributes,
fileWriteAttributes, windowsView) fileWriteAttributes, windowsView)
status: current status: current
description: Stores the effective rights of a file that a description: Stores the effective rights of a file that a
discretionary access control list (DACL) structure grants discretionary access control list (DACL) structure grants
to a specified trustee. The trustee's effective rights to a specified trustee. The trustee's effective rights
are determined checking all access-allowed and access-denied are determined checking all access-allowed and access-denied
access control entries (ACEs) in the DACL. access control entries (ACEs) in the DACL.
7.308. standardDelete 7.307. standardDelete
elementId: TBD elementId: TBD
name: standardDelete name: standardDelete
dataType: boolean dataType: boolean
status: current status: current
description: The right to delete the description: The right to delete the
object. object.
7.309. standardReadControl 7.308. standardReadControl
elementId: TBD elementId: TBD
name: standardReadControl name: standardReadControl
dataType: boolean dataType: boolean
status: current status: current
description: The right to read description: The right to read
the information in the object's security descriptor, not the information in the object's security descriptor, not
including the information in the SACL. including the information in the SACL.
7.310. standardWriteDac 7.309. standardWriteDac
elementId: TBD elementId: TBD
name: standardWriteDac name: standardWriteDac
dataType: boolean dataType: boolean
status: current status: current
description: The right to modify the description: The right to modify the
DACL in the object's security descriptor. DACL in the object's security descriptor.
7.311. standardWriteOwner 7.310. standardWriteOwner
elementId: TBD elementId: TBD
name: standardWriteOwner name: standardWriteOwner
dataType: boolean dataType: boolean
status: current status: current
description: The right to change description: The right to change
the owner in the object's security descriptor. the owner in the object's security descriptor.
7.312. standardSynchronize 7.311. standardSynchronize
elementId: TBD elementId: TBD
name: standardSynchronize name: standardSynchronize
dataType: boolean dataType: boolean
status: current status: current
description: The right to use the description: The right to use the
object for synchronization. This enables a thread to wait object for synchronization. This enables a thread to wait
until the object is in the signaled state. Some object until the object is in the signaled state. Some object
types do not support this access right. types do not support this access right.
7.313. accessSystemSecurity 7.312. accessSystemSecurity
elementId: TBD elementId: TBD
name: accessSystemSecurity name: accessSystemSecurity
dataType: boolean dataType: boolean
status: current status: current
description: Indicates access to description: Indicates access to
a system access control list (SACL). a system access control list (SACL).
7.314. genericRead 7.313. genericRead
elementId: TBD elementId: TBD
name: genericRead name: genericRead
dataType: boolean dataType: boolean
status: current status: current
description: Read access. description: Read access.
7.315. genericWrite 7.314. genericWrite
elementId: TBD elementId: TBD
name: genericWrite name: genericWrite
dataType: boolean dataType: boolean
status: current status: current
description: Write access. description: Write access.
7.316. genericExecute 7.315. genericExecute
elementId: TBD elementId: TBD
name: genericExecute name: genericExecute
dataType: boolean dataType: boolean
status: current status: current
description: Execute access. description: Execute access.
7.317. genericAll 7.316. genericAll
elementId: TBD elementId: TBD
name: genericAll name: genericAll
dataType: boolean dataType: boolean
status: current status: current
description: Read, write, and execute description: Read, write, and execute
access. access.
7.318. fileReadData 7.317. fileReadData
elementId: TBD elementId: TBD
name: fileReadData name: fileReadData
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to read description: Grants the right to read
data from the file data from the file
7.319. fileWriteData 7.318. fileWriteData
elementId: TBD elementId: TBD
name: fileWriteData name: fileWriteData
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to write description: Grants the right to write
data to the file. data to the file.
7.320. fileAppendData 7.319. fileAppendData
elementId: TBD elementId: TBD
name: fileAppendData name: fileAppendData
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to description: Grants the right to
append data to the file. append data to the file.
7.321. fileReadEa 7.320. fileReadEa
elementId: TBD elementId: TBD
name: fileReadEa name: fileReadEa
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to read description: Grants the right to read
extended attributes. extended attributes.
7.322. fileWriteEa 7.321. fileWriteEa
elementId: TBD elementId: TBD
name: fileWriteEa name: fileWriteEa
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to write description: Grants the right to write
extended attributes. extended attributes.
7.323. fileExecute 7.322. fileExecute
elementId: TBD elementId: TBD
name: fileExecute name: fileExecute
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to execute description: Grants the right to execute
a file. a file.
7.324. fileDeleteChild 7.323. fileDeleteChild
elementId: TBD elementId: TBD
name: fileDeleteChild name: fileDeleteChild
dataType: boolean dataType: boolean
status: current status: current
description: Right to delete a description: Right to delete a
directory and all the files it contains (its children), directory and all the files it contains (its children),
even if the files are read-only. even if the files are read-only.
7.325. fileReadAttributes 7.324. fileReadAttributes
elementId: TBD elementId: TBD
name: fileReadAttributes name: fileReadAttributes
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to description: Grants the right to
read file attributes. read file attributes.
7.326. fileWriteAttributes 7.325. fileWriteAttributes
elementId: TBD elementId: TBD
name: fileWriteAttributes name: fileWriteAttributes
dataType: boolean dataType: boolean
status: current status: current
description: Grants the right to description: Grants the right to
change file attributes. change file attributes.
7.327. groupInfo 7.326. groupInfo
elementId: TBD elementId: TBD
name: groupInfo name: groupInfo
dataType: list dataType: list
structure: list (group, username, subgroup) structure: list (group, username, subgroup)
status: current status: current
description: Specifies the different users and subgroups, that description: Specifies the different users and subgroups, that
directly belong to specific groups. directly belong to specific groups.
7.328. group 7.327. group
elementId: TBD elementId: TBD
name: group name: group
dataType: string dataType: string
status: current status: current
description: Represents the name of a particular description: Represents the name of a particular
group. group.
7.329. subgroup 7.328. subgroup
elementId: TBD elementId: TBD
name: subgroup name: subgroup
dataType: string dataType: string
status: current status: current
description: Represents the name of a description: Represents the name of a
particular subgroup in the specified group. particular subgroup in the specified group.
7.330. groupSidInfo 7.329. groupSidInfo
elementId: TBD elementId: TBD
name: groupSidInfo name: groupSidInfo
dataType: list dataType: list
structure: list (groupSid, userSid, subgroupSid) structure: list (groupSid, userSid, subgroupSid)
status: current status: current
description: Specifies the different users and subgroups, that description: Specifies the different users and subgroups, that
directly belong to specific groups directly belong to specific groups
(identified by SID). (identified by SID).
7.331. userSidInfo 7.330. userSidInfo
elementId: TBD elementId: TBD
name: userSidInfo name: userSidInfo
dataType: list dataType: list
structure: list (userSid, enabled, groupSid, lastLogon) structure: list (userSid, enabled, groupSid, lastLogon)
status: current status: current
description: Specifies the different groups (identified by SID) description: Specifies the different groups (identified by SID)
that a user belongs to. that a user belongs to.
7.332. userSid 7.331. userSid
elementId: TBD elementId: TBD
name: userSid name: userSid
dataType: string dataType: string
status: current status: current
description: Represents the SID of a description: Represents the SID of a
particular user. particular user.
7.333. subgroupSid 7.332. subgroupSid
elementId: TBD elementId: TBD
name: subgroupSid name: subgroupSid
dataType: string dataType: string
status: current status: current
description: Represents the SID of a description: Represents the SID of a
particular subgroup. particular subgroup.
7.334. lockoutpolicy 7.333. lockoutpolicy
elementId: TBD elementId: TBD
name: lockoutpolicy name: lockoutpolicy
dataType: list dataType: list
structure: list (forceLogoff, lockoutDuration, structure: list (forceLogoff, lockoutDuration,
lockoutObservationWindow, lockoutThreshold) lockoutObservationWindow, lockoutThreshold)
status: current status: current
description: Specifies various attributes associated description: Specifies various attributes associated
with lockout information for users and global groups in the with lockout information for users and global groups in the
security database. security database.
7.335. forceLogoff 7.334. forceLogoff
elementId: TBD elementId: TBD
name: forceLogoff name: forceLogoff
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies, in seconds, the description: Specifies, in seconds, the
amount of time between the end of the valid logon time and amount of time between the end of the valid logon time and
the time when the user is forced to log off the the time when the user is forced to log off the
network. network.
7.336. lockoutDuration 7.335. lockoutDuration
elementId: TBD elementId: TBD
name: lockoutDuration name: lockoutDuration
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies, in seconds, description: Specifies, in seconds,
how long a locked account remains locked before it is how long a locked account remains locked before it is
automatically unlocked. automatically unlocked.
7.337. lockoutObservationWindow 7.336. lockoutObservationWindow
elementId: TBD elementId: TBD
name: lockoutObservationWindow name: lockoutObservationWindow
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies the description: Specifies the
maximum time, in seconds, that can elapse between any two maximum time, in seconds, that can elapse between any two
failed logon attempts before lockout occurs. failed logon attempts before lockout occurs.
7.338. lockoutThreshold 7.337. lockoutThreshold
elementId: TBD elementId: TBD
name: lockoutThreshold name: lockoutThreshold
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies the number of description: Specifies the number of
invalid password authentications that can occur before an invalid password authentications that can occur before an
account is marked "locked out." account is marked "locked out."
7.339. passwordpolicy 7.338. passwordpolicy
elementId: TBD elementId: TBD
name: passwordpolicy name: passwordpolicy
dataType: list dataType: list
structure: list (maxPasswdAge, minPasswdAge, structure: list (maxPasswdAge, minPasswdAge,
minPasswdLen, passwordHistLen, passwordComplexity, minPasswdLen, passwordHistLen, passwordComplexity,
reversibleEncryption) reversibleEncryption)
status: current status: current
description: Specifies description: Specifies
policy information associated with passwords. policy information associated with passwords.
7.340. maxPasswdAge 7.339. maxPasswdAge
elementId: TBD elementId: TBD
name: maxPasswdAge name: maxPasswdAge
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies, in seconds (from description: Specifies, in seconds (from
a DWORD), the maximum allowable password age. A value of a DWORD), the maximum allowable password age. A value of
TIMEQ_FOREVER (max DWORD value, 4294967295) indicates TIMEQ_FOREVER (max DWORD value, 4294967295) indicates
that the password never expires. The minimum valid value that the password never expires. The minimum valid value
for this element is ONE_DAY (86400). See the for this element is ONE_DAY (86400). See the
USER_MODALS_INFO_0 structure returned by a call to USER_MODALS_INFO_0 structure returned by a call to
NetUserModalsGet(). NetUserModalsGet().
7.341. minPasswdAge 7.340. minPasswdAge
elementId: TBD elementId: TBD
name: minPasswdAge name: minPasswdAge
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies the minimum description: Specifies the minimum
number of seconds that can elapse between the time a password number of seconds that can elapse between the time a password
changes and when it can be changed again. A value of changes and when it can be changed again. A value of
zero indicates that no delay is required between password zero indicates that no delay is required between password
updates. updates.
7.342. minPasswdLen 7.341. minPasswdLen
elementId: TBD elementId: TBD
name: minPasswdLen name: minPasswdLen
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies the minimum description: Specifies the minimum
allowable password length. Valid values for this element are allowable password length. Valid values for this element are
zero through PWLEN. zero through PWLEN.
7.343. passwordHistLen 7.342. passwordHistLen
elementId: TBD elementId: TBD
name: passwordHistLen name: passwordHistLen
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: Specifies the length of description: Specifies the length of
password history maintained. A new password cannot match any password history maintained. A new password cannot match any
of the previous usrmod0_password_hist_len passwords. of the previous usrmod0_password_hist_len passwords.
Valid values for this element are zero through DEF_MAX_PWHIST. Valid values for this element are zero through DEF_MAX_PWHIST.
7.344. passwordComplexity 7.343. passwordComplexity
elementId: TBD elementId: TBD
name: passwordComplexity name: passwordComplexity
dataType: boolean dataType: boolean
status: current status: current
description: Indicates whether description: Indicates whether
passwords must meet the complexity requirements put forth passwords must meet the complexity requirements put forth
by the operating system. by the operating system.
7.345. reversibleEncryption 7.344. reversibleEncryption
elementId: TBD elementId: TBD
name: reversibleEncryption name: reversibleEncryption
dataType: boolean dataType: boolean
status: current status: current
description: Indicates whether description: Indicates whether
or not passwords are stored using reversible encryption. or not passwords are stored using reversible encryption.
7.346. portInfo 7.345. portInfo
elementId: TBD elementId: TBD
name: portInfo name: portInfo
dataType: list dataType: list
structure: list (localAddress, localPort, transportProtocol, structure: list (localAddress, localPort, transportProtocol,
pid, foreignAddress, foreignPort) pid, foreignAddress, foreignPort)
status: current status: current
description: Information about open listening ports. description: Information about open listening ports.
7.347. foreignPort 7.346. foreignPort
elementId: TBD elementId: TBD
name: foreignPort name: foreignPort
dataType: string dataType: string
status: current status: current
description: The TCP or UDP port to which description: The TCP or UDP port to which
the program communicates. the program communicates.
7.348. printereffectiverights 7.347. printereffectiverights
elementId: TBD elementId: TBD
name: printereffectiverights name: printereffectiverights
dataType: list dataType: list
structure: list (printerName, trusteeSid, structure: list (printerName, trusteeSid,
standardDelete, standardReadControl, standardWriteDac, standardDelete, standardReadControl, standardWriteDac,
standardWriteOwner, standardSynchronize, standardWriteOwner, standardSynchronize,
accessSystemSecurity, genericRead, genericWrite, accessSystemSecurity, genericRead, genericWrite,
genericExecute, genericAll, printerAccessAdminister, genericExecute, genericAll, printerAccessAdminister,
printerAccessUse, jobAccessAdminister, jobAccessRead) printerAccessUse, jobAccessAdminister, jobAccessRead)
status: current status: current
description: Stores the effective rights of a printer that a description: Stores the effective rights of a printer that a
discretionary access control list (DACL) structure grants to a discretionary access control list (DACL) structure grants to a
specified trustee. The trustee's effective rights are determined specified trustee. The trustee's effective rights are determined
checking all access-allowed and access-denied access control checking all access-allowed and access-denied access control
entries (ACEs) in the DACL. entries (ACEs) in the DACL.
7.349. printerName 7.348. printerName
elementId: TBD elementId: TBD
name: printerName name: printerName
dataType: string dataType: string
status: current status: current
description: Specifies the name of the description: Specifies the name of the
printer. printer.
7.350. printerAccessAdminister 7.349. printerAccessAdminister
elementId: TBD elementId: TBD
name: printerAccessAdminister name: printerAccessAdminister
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.351. printerAccessUse 7.350. printerAccessUse
elementId: TBD elementId: TBD
name: printerAccessUse name: printerAccessUse
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.352. jobAccessAdminister 7.351. jobAccessAdminister
elementId: TBD elementId: TBD
name: jobAccessAdminister name: jobAccessAdminister
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.353. jobAccessRead 7.352. jobAccessRead
elementId: TBD elementId: TBD
name: jobAccessRead name: jobAccessRead
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.354. registry 7.353. registry
elementId: TBD elementId: TBD
name: registry name: registry
dataType: list dataType: list
structure: list (registryHive, registryKey, registryKeyName, structure: list (registryHive, registryKey, registryKeyName,
lastWriteTime, registryKeyType, registryKeyValue, lastWriteTime, registryKeyType, registryKeyValue,
windowsView) windowsView)
status: current status: current
description: Specifies information that can be description: Specifies information that can be
collected about a particular registry key. collected about a particular registry key.
7.355. registryHive 7.354. registryHive
elementId: TBD elementId: TBD
name: registryHive name: registryHive
dataType: enumeration dataType: enumeration
structure: HKEY_CLASSES_ROOT ; 0x1 ; This registry subtree structure: HKEY_CLASSES_ROOT ; 0x1 ; This registry subtree
contains information that associates file types with programs contains information that associates file types with programs
and configuration data for automation (e.g. COM and configuration data for automation (e.g. COM
objects and Visual Basic Programs). objects and Visual Basic Programs).
HKEY_CURRENT_CONFIG ; 0x2 ; This registry subtree contains HKEY_CURRENT_CONFIG ; 0x2 ; This registry subtree contains
configuration data for the current hardware profile. configuration data for the current hardware profile.
HKEY_CURRENT_USER ; 0x3 ; This registry subtree contains the HKEY_CURRENT_USER ; 0x3 ; This registry subtree contains the
skipping to change at page 124, line 26 skipping to change at page 124, line 26
HKEY_LOCAL_MACHINE ; 0x4 ; This registry subtree contains HKEY_LOCAL_MACHINE ; 0x4 ; This registry subtree contains
information about the local system. information about the local system.
HKEY_USERS ; 0x5 ; This registry subtree contains user-specific HKEY_USERS ; 0x5 ; This registry subtree contains user-specific
data. data.
; 0x6 ; The empty string value is permitted here to allow ; 0x6 ; The empty string value is permitted here to allow
for detailed error reporting. for detailed error reporting.
status: current status: current
description: The description: The
hive that the registry key belongs to. hive that the registry key belongs to.
7.356. registryKey 7.355. registryKey
elementId: TBD elementId: TBD
name: registryKey name: registryKey
dataType: string dataType: string
status: current status: current
description: Describes the registry key. description: Describes the registry key.
Note that the hive portion of the string should not be Note that the hive portion of the string should not be
included, as this data can be found under the hive included, as this data can be found under the hive
element. element.
7.357. registryKeyName 7.356. registryKeyName
elementId: TBD elementId: TBD
name: registryKeyName name: registryKeyName
dataType: string dataType: string
status: current status: current
description: Describes the name of a description: Describes the name of a
registry key. registry key.
7.358. lastWriteTime 7.357. lastWriteTime
elementId: TBD elementId: TBD
name: lastWriteTime name: lastWriteTime
dataType: unsigned64 dataType: unsigned64
status: current status: current
description: The last time that the key or any of its value entries description: The last time that the key or any of its value entries
were modified. The value of this entity represents the were modified. The value of this entity represents the
FILETIME structure which is a 64-bit value representing the FILETIME structure which is a 64-bit value representing the
number of 100-nanosecond intervals since January 1, 1601 number of 100-nanosecond intervals since January 1, 1601
(UTC). Last write time can be queried on any key, with hives (UTC). Last write time can be queried on any key, with hives
being classified as a type of key. When collecting only being classified as a type of key. When collecting only
information about a registry hive or key the last write time information about a registry hive or key the last write time
will be the time the key or any of its entries were modified. will be the time the key or any of its entries were modified.
When collecting only information about a registry name the When collecting only information about a registry name the
last write time will be the time the containing key was last write time will be the time the containing key was
modified. Thus when collecting information about a registry modified. Thus when collecting information about a registry
name, the last write time does not correlate directly name, the last write time does not correlate directly
to the specified name. See the RegQueryInfoKey function to the specified name. See the RegQueryInfoKey function
lpftLastWriteTime. lpftLastWriteTime.
7.359. registryKeyType 7.358. registryKeyType
elementId: TBD elementId: TBD
name: registryKeyType name: registryKeyType
dataType: enumeration dataType: enumeration
structure: reg_binary ; 0x1 ; The reg_binary type structure: reg_binary ; 0x1 ; The reg_binary type
is used by registry keys that specify binary data in any is used by registry keys that specify binary data in any
form. form.
reg_dword ; 0x2 ; The reg_dword type is used by reg_dword ; 0x2 ; The reg_dword type is used by
registry keys that specify an unsigned 32-bit integer. registry keys that specify an unsigned 32-bit integer.
reg_dword_little_endian ; 0x3 ; The reg_dword_little_endian reg_dword_little_endian ; 0x3 ; The reg_dword_little_endian
skipping to change at page 126, line 29 skipping to change at page 126, line 29
keys that specify a full resource descriptor. keys that specify a full resource descriptor.
reg_resource_requirements_list; 0xE ; The reg_resource_requirements_list; 0xE ; The
reg_resource_requirements_list type is used by registry keys reg_resource_requirements_list type is used by registry keys
that specify a resource requirements list. that specify a resource requirements list.
; 0xF ; The empty string value is permitted here to allow ; 0xF ; The empty string value is permitted here to allow
for detailed error reporting. for detailed error reporting.
status: current status: current
description: description:
Specifies the type of data stored by the registry key. Specifies the type of data stored by the registry key.
7.360. registryKeyValue 7.359. registryKeyValue
elementId: TBD elementId: TBD
name: registryKeyValue name: registryKeyValue
dataType: string dataType: string
status: current status: current
description: Holds the actual value description: Holds the actual value
of the specified registry key. The representation of the of the specified registry key. The representation of the
value as well as the associated datatype attribute value as well as the associated datatype attribute
depends on type of data stored in the registry key. If the depends on type of data stored in the registry key. If the
value being tested is of type REG_BINARY, then the value being tested is of type REG_BINARY, then the
datatype attribute should be set to 'binary' and the data datatype attribute should be set to 'binary' and the data
skipping to change at page 127, line 38 skipping to change at page 127, line 38
entity with the datatype attribute set to 'string'. In entity with the datatype attribute set to 'string'. In
order to test multiple values, multiple OVAL registry tests order to test multiple values, multiple OVAL registry tests
should be used. If the specified registry key is of should be used. If the specified registry key is of
type REG_SZ, then the datatype should be 'string' and the type REG_SZ, then the datatype should be 'string' and the
value entity should be a copy of the string. If the value entity should be a copy of the string. If the
value being tested is of type REG_LINK, then the datatype value being tested is of type REG_LINK, then the datatype
attribute should be set to 'string' and the attribute should be set to 'string' and the
null-terminated Unicode string should be represented by the null-terminated Unicode string should be represented by the
value entity. value entity.
7.361. regkeyauditedpermissions 7.360. regkeyauditedpermissions
elementId: TBD elementId: TBD
name: regkeyauditedpermissions name: regkeyauditedpermissions
dataType: list dataType: list
structure: list (registryKey, trusteeSid, trusteeName, structure: list (registryKey, trusteeSid, trusteeName,
standardDelete, standardReadControl, standardWriteDac, standardDelete, standardReadControl, standardWriteDac,
standardWriteOwner, standardSynchronize, standardWriteOwner, standardSynchronize,
accessSystemSecurity, genericRead, genericWrite, accessSystemSecurity, genericRead, genericWrite,
genericExecute, genericAll, keyQueryValue, keySetValue, genericExecute, genericAll, keyQueryValue, keySetValue,
keyCreateSubKey, keyEnumerateSubKeys, keyNotify, keyCreateSubKey, keyEnumerateSubKeys, keyNotify,
keyCreateLink, keyWow6464Key, keyWow6432Key, keyWow64Res, keyCreateLink, keyWow6464Key, keyWow6432Key, keyWow64Res,
windowsView) windowsView)
status: current status: current
description: Stores the audited access rights of a registry key description: Stores the audited access rights of a registry key
that a system access control list (SACL) structure grants to a that a system access control list (SACL) structure grants to a
specified trustee. The trustee's audited access rights are specified trustee. The trustee's audited access rights are
determined checking all access control entries (ACEs) in the SACL. determined checking all access control entries (ACEs) in the SACL.
7.362. auditKeyQueryValue 7.361. auditKeyQueryValue
elementId: TBD elementId: TBD
name: auditKeyQueryValue name: auditKeyQueryValue
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.363. auditKeySetValue 7.362. auditKeySetValue
elementId: TBD elementId: TBD
name: auditKeySetValue name: auditKeySetValue
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.364. auditKeyCreateSubKey 7.363. auditKeyCreateSubKey
elementId: TBD elementId: TBD
name: auditKeyCreateSubKey name: auditKeyCreateSubKey
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.365. auditKeyEnumerateSubKeys 7.364. auditKeyEnumerateSubKeys
elementId: TBD elementId: TBD
name: auditKeyEnumerateSubKeys name: auditKeyEnumerateSubKeys
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.366. auditKeyNotify 7.365. auditKeyNotify
elementId: TBD elementId: TBD
name: auditKeyNotify name: auditKeyNotify
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.367. auditKeyCreateLink 7.366. auditKeyCreateLink
elementId: TBD elementId: TBD
name: auditKeyCreateLink name: auditKeyCreateLink
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.368. auditKeyWow6464Key 7.367. auditKeyWow6464Key
elementId: TBD elementId: TBD
name: auditKeyWow6464Key name: auditKeyWow6464Key
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.369. auditKeyWow6432Key 7.368. auditKeyWow6432Key
elementId: TBD elementId: TBD
name: auditKeyWow6432Key name: auditKeyWow6432Key
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.370. auditKeyWow64Res 7.369. auditKeyWow64Res
elementId: TBD elementId: TBD
name: auditKeyWow64Res name: auditKeyWow64Res
dataType: enumeration dataType: enumeration
structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is structure: AUDIT_FAILURE ; 0x1 ; The audit type AUDIT_FAILURE is
used to perform audits on all unsuccessful occurrences of used to perform audits on all unsuccessful occurrences of
specified events when auditing is enabled. specified events when auditing is enabled.
AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel AUDIT_NONE ; 0x2 ; The audit type AUDIT_NONE is used to cancel
all auditing options for the specified events. all auditing options for the specified events.
AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to AUDIT_SUCCESS ; 0x3 ; The audit type AUDIT_SUCCESS is used to
perform audits on all successful occurrences of the specified perform audits on all successful occurrences of the specified
events when auditing is enabled. events when auditing is enabled.
AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE AUDIT_SUCCESS_FAILURE ; 0x4 ; The audit type AUDIT_SUCCESS_FAILURE
is used to perform audits on all successful and unsuccessful is used to perform audits on all successful and unsuccessful
occurrences of the specified events when auditing is enabled. occurrences of the specified events when auditing is enabled.
; 0x5 ; The empty string value is permitted here to allow for ; 0x5 ; The empty string value is permitted here to allow for
detailed error reporting. detailed error reporting.
status: current status: current
description: description:
7.371. regkeyeffectiverights 7.370. regkeyeffectiverights
elementId: TBD elementId: TBD
name: regkeyeffectiverights name: regkeyeffectiverights
dataType: list dataType: list
structure: list (registryHive, registryKey, trusteeSid, structure: list (registryHive, registryKey, trusteeSid,
trusteeName, standardDelete, standardReadControl, trusteeName, standardDelete, standardReadControl,
standardWriteDac, standardWriteOwner, standardSynchronize, standardWriteDac, standardWriteOwner, standardSynchronize,
accessSystemSecurity, genericRead, genericWrite, accessSystemSecurity, genericRead, genericWrite,
genericExecute, genericAll, keyQueryValue, keySetValue, genericExecute, genericAll, keyQueryValue, keySetValue,
keyCreateSubKey, keyEnumerateSubKeys, keyNotify, keyCreateSubKey, keyEnumerateSubKeys, keyNotify,
keyCreateLink, keyWow6464Key, keyWow6432Key, keyWow64Res, keyCreateLink, keyWow6464Key, keyWow6432Key, keyWow64Res,
windowsView) windowsView)
status: current status: current
description: Stores the effective rights of a registry key that a description: Stores the effective rights of a registry key that a
discretionary access control list (DACL) structure grants to a discretionary access control list (DACL) structure grants to a
specified trustee. The trustee's effective rights are determined specified trustee. The trustee's effective rights are determined
checking all access-allowed and access-denied access control checking all access-allowed and access-denied access control
entries (ACEs) in the DACL. entries (ACEs) in the DACL.
7.372. keyQueryValue 7.371. keyQueryValue
elementId: TBD elementId: TBD
name: keyQueryValue name: keyQueryValue
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not description: Specifies whether or not
permission is granted to query the key's value. permission is granted to query the key's value.
7.373. keySetValue 7.372. keySetValue
elementId: TBD elementId: TBD
name: keySetValue name: keySetValue
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not description: Specifies whether or not
permission is granted to set the key's value. permission is granted to set the key's value.
7.374. keyCreateSubKey 7.373. keyCreateSubKey
elementId: TBD elementId: TBD
name: keyCreateSubKey name: keyCreateSubKey
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not description: Specifies whether or not
permission is granted to create a subkey. permission is granted to create a subkey.
7.375. keyEnumerateSubKeys 7.374. keyEnumerateSubKeys
elementId: TBD elementId: TBD
name: keyEnumerateSubKeys name: keyEnumerateSubKeys
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or description: Specifies whether or
not permission is granted to list the subkeys associated not permission is granted to list the subkeys associated
with key. with key.
7.376. keyNotify 7.375. keyNotify
elementId: TBD elementId: TBD
name: keyNotify name: keyNotify
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.377. keyCreateLink 7.376. keyCreateLink
elementId: TBD elementId: TBD
name: keyCreateLink name: keyCreateLink
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.378. keyWow6464Key 7.377. keyWow6464Key
elementId: TBD elementId: TBD
name: keyWow6464Key name: keyWow6464Key
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.379. keyWow6432Key 7.378. keyWow6432Key
elementId: TBD elementId: TBD
name: keyWow6432Key name: keyWow6432Key
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.380. keyWow64Res 7.379. keyWow64Res
elementId: TBD elementId: TBD
name: keyWow64Res name: keyWow64Res
dataType: boolean dataType: boolean
status: current status: current
description: description:
7.381. service 7.380. service
elementId: TBD elementId: TBD
name: service name: service
dataType: list dataType: list
structure: list (serviceName, displayName, description, structure: list (serviceName, displayName, description,
serviceType, startType, currentState, controlsAccepted, serviceType, startType, currentState, controlsAccepted,
startName, path, pid, serviceFlag, dependencies) startName, path, pid, serviceFlag, dependencies)
status: current status: current
description: Stores information about Windows services that are description: Stores information about Windows services that are
present on the system. present on the system.
7.382. displayName 7.381. displayName
elementId: TBD elementId: TBD
name: displayName name: displayName
dataType: string dataType: string
status: current status: current
description: Specifies the name of the description: Specifies the name of the
service as specified in administrative tools. service as specified in administrative tools.
7.383. description 7.382. description
elementId: TBD elementId: TBD
name: description name: description
dataType: string dataType: string
status: current status: current
description: Specifies the description of description: Specifies the description of
the service. the service.
7.384. serviceType 7.383. serviceType
elementId: TBD elementId: TBD
name: serviceType name: serviceType
dataType: enumeration dataType: enumeration
structure: SERVICE_FILE_SYSTEM_DRIVER ; 0x1 ; The structure: SERVICE_FILE_SYSTEM_DRIVER ; 0x1 ; The
SERVICE_FILE_SYSTEM_DRIVER type means that the service is SERVICE_FILE_SYSTEM_DRIVER type means that the service is
a file system driver. The DWORD value that this a file system driver. The DWORD value that this
corresponds to is 0x00000002. corresponds to is 0x00000002.
SERVICE_KERNEL_DRIVER ; 0x2 ; The SERVICE_KERNEL_DRIVER type SERVICE_KERNEL_DRIVER ; 0x2 ; The SERVICE_KERNEL_DRIVER type
means that the service is a driver. The DWORD value that means that the service is a driver. The DWORD value that
this corresponds to is 0x00000001. this corresponds to is 0x00000001.
skipping to change at page 136, line 31 skipping to change at page 136, line 31
SERVICE_INTERACTIVE_PROCESS ; 0x5 ; The SERVICE_INTERACTIVE_PROCESS ; 0x5 ; The
SERVICE_WIN32_SHARE_PROCESS type means that the service runs SERVICE_WIN32_SHARE_PROCESS type means that the service runs
in a process with other services. The DWORD value that this in a process with other services. The DWORD value that this
corresponds to is 0x00000100. corresponds to is 0x00000100.
; 0x6 ; The empty string value is permitted here to allow for ; 0x6 ; The empty string value is permitted here to allow for
empty elements associated with error conditions. empty elements associated with error conditions.
status: current status: current
description: description:
Specifies the type of the service. Specifies the type of the service.
7.385. startType 7.384. startType
elementId: TBD elementId: TBD
name: startType name: startType
dataType: enumeration dataType: enumeration
structure: SERVICE_AUTO_START ; 0x1 ; The SERVICE_AUTO_START type structure: SERVICE_AUTO_START ; 0x1 ; The SERVICE_AUTO_START type
means that the service is started automatically by the Service means that the service is started automatically by the Service
Control Manager (SCM) during startup. The DWORD value that Control Manager (SCM) during startup. The DWORD value that
this corresponds to is 0x00000002. this corresponds to is 0x00000002.
SERVICE_BOOT_START ; 0x2 ; The SERVICE_BOOT_START type means SERVICE_BOOT_START ; 0x2 ; The SERVICE_BOOT_START type means
that the driver service is started by the system loader. The that the driver service is started by the system loader. The
DWORD value that this corresponds to is 0x00000000. DWORD value that this corresponds to is 0x00000000.
skipping to change at page 137, line 30 skipping to change at page 137, line 30
this corresponds to is 0x00000004. this corresponds to is 0x00000004.
SERVICE_SYSTEM_START ; 0x5 ; The SERVICE_SYSTEM_START type SERVICE_SYSTEM_START ; 0x5 ; The SERVICE_SYSTEM_START type
means that the service is a device driver started by means that the service is a device driver started by
IoInitSystem(). The DWORD value that this corresponds to is IoInitSystem(). The DWORD value that this corresponds to is
0x00000001. 0x00000001.
; 0x6 ; The empty string value is permitted here to allow ; 0x6 ; The empty string value is permitted here to allow
for empty elements associated with error conditions. for empty elements associated with error conditions.
status: current status: current
description: Specifies when the service should be started. description: Specifies when the service should be started.
7.386. currentState 7.385. currentState
elementId: TBD elementId: TBD
name: currentState name: currentState
dataType: enumeration dataType: enumeration
structure: SERVICE_CONTINUE_PENDING ; 0x1 ; The structure: SERVICE_CONTINUE_PENDING ; 0x1 ; The
SERVICE_CONTINUE_PENDING type means that the service has been SERVICE_CONTINUE_PENDING type means that the service has been
sent a command to continue, however, the command has sent a command to continue, however, the command has
not yet been executed. The DWORD value that this corresponds not yet been executed. The DWORD value that this corresponds
to is 0x00000005. SERVICE_PAUSE_PENDING ; 0x2 ; The to is 0x00000005. SERVICE_PAUSE_PENDING ; 0x2 ; The
SERVICE_PAUSE_PENDING type means that the service has been SERVICE_PAUSE_PENDING type means that the service has been
sent a command to pause, however, the command has not sent a command to pause, however, the command has not
skipping to change at page 138, line 40 skipping to change at page 138, line 40
corresponds to is 0x00000003. corresponds to is 0x00000003.
SERVICE_STOPPED ; 0x7 ; The SERVICE_STOPPED type means that SERVICE_STOPPED ; 0x7 ; The SERVICE_STOPPED type means that
the service is stopped. The DWORD value that this corresponds the service is stopped. The DWORD value that this corresponds
to is 0x00000001. to is 0x00000001.
; 0x8 ; The empty string value is permitted here to allow ; 0x8 ; The empty string value is permitted here to allow
for empty elements associated with error conditions. for empty elements associated with error conditions.
status: current status: current
description: Specifies the current state of description: Specifies the current state of
the service. the service.
7.387. controlsAccepted 7.386. controlsAccepted
elementId: TBD elementId: TBD
name: controlsAccepted name: controlsAccepted
dataType: enumeration dataType: enumeration
structure: SERVICE_ACCEPT_NETBINDCHANGE ; 0x1 ; structure: SERVICE_ACCEPT_NETBINDCHANGE ; 0x1 ;
The SERVICE_ACCEPT_NETBINDCHANGE type means that the The SERVICE_ACCEPT_NETBINDCHANGE type means that the
service is a network component and can accept changes in its service is a network component and can accept changes in its
binding without being stopped or restarted. The DWORD value binding without being stopped or restarted. The DWORD value
that this corresponds to is 0x00000010. that this corresponds to is 0x00000010.
SERVICE_ACCEPT_PARAMCHANGE ; 0x2 ; The SERVICE_ACCEPT_PARAMCHANGE SERVICE_ACCEPT_PARAMCHANGE ; 0x2 ; The SERVICE_ACCEPT_PARAMCHANGE
skipping to change at page 140, line 5 skipping to change at page 140, line 5
receive notifications when an event that the service receive notifications when an event that the service
has registered for occurs on the system. The DWORD value that has registered for occurs on the system. The DWORD value that
this corresponds to is 0x00000400. this corresponds to is 0x00000400.
; 0xC ; The empty string value is permitted here to allow ; 0xC ; The empty string value is permitted here to allow
for empty elements associated with error conditions. for empty elements associated with error conditions.
status: current status: current
description: Specifies the control codes that a service will description: Specifies the control codes that a service will
accept and process. accept and process.
7.388. startName 7.387. startName
elementId: TBD elementId: TBD
name: startName name: startName
dataType: string dataType: string
status: current status: current
description: Specifies the account under description: Specifies the account under
which the process should run. which the process should run.
7.389. serviceFlag 7.388. serviceFlag
elementId: TBD elementId: TBD
name: serviceFlag name: serviceFlag
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether the description: Specifies whether the
service is in a system process that must always run (true) service is in a system process that must always run (true)
or if the service is in a non-system process or is not or if the service is in a non-system process or is not
running (false). running (false).
7.390. dependencies 7.389. dependencies
elementId: TBD elementId: TBD
name: dependencies name: dependencies
dataType: string dataType: string
status: current status: current
description: Specifies the dependencies description: Specifies the dependencies
of this service on other services. of this service on other services.
7.391. serviceeffectiverights 7.390. serviceeffectiverights
elementId: TBD elementId: TBD
name: serviceeffectiverights name: serviceeffectiverights
dataType: list dataType: list
structure: list (serviceName, trusteeSid, structure: list (serviceName, trusteeSid,
standardDelete, standardReadControl, standardWriteDac, standardDelete, standardReadControl, standardWriteDac,
standardWriteOwner, genericRead, genericWrite, standardWriteOwner, genericRead, genericWrite,
genericExecute, serviceQueryConf, serviceChangeConf, genericExecute, serviceQueryConf, serviceChangeConf,
serviceQueryStat, serviceEnumDependents, serviceStart, serviceQueryStat, serviceEnumDependents, serviceStart,
serviceStop, servicePause, serviceInterrogate, serviceStop, servicePause, serviceInterrogate,
serviceUserDefined) serviceUserDefined)
status: current status: current
description: Stores the description: Stores the
effective rights of a service that a discretionary access effective rights of a service that a discretionary access
control list (DACL) structure grants to a specified control list (DACL) structure grants to a specified
trustee. The trustee's effective rights are determined by trustee. The trustee's effective rights are determined by
checking all access-allowed and access-denied access checking all access-allowed and access-denied access
control entries (ACEs) in the DACL. control entries (ACEs) in the DACL.
7.392. trusteeSid 7.391. trusteeSid
elementId: TBD elementId: TBD
name: trusteeSid name: trusteeSid
dataType: string dataType: string
status: current status: current
description: Specifies the SID that is description: Specifies the SID that is
associated with a user, group, system, or program (such as a associated with a user, group, system, or program (such as a
Windows service). Windows service).
7.393. serviceQueryConf 7.392. serviceQueryConf
elementId: TBD elementId: TBD
name: serviceQueryConf name: serviceQueryConf
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or description: Specifies whether or
not permission is granted to query the service configuration. not permission is granted to query the service configuration.
7.394. serviceChangeConf 7.393. serviceChangeConf
elementId: TBD elementId: TBD
name: serviceChangeConf name: serviceChangeConf
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or description: Specifies whether or
not permission is granted to change service configuration. not permission is granted to change service configuration.
7.395. serviceQueryStat 7.394. serviceQueryStat
elementId: TBD elementId: TBD
name: serviceQueryStat name: serviceQueryStat
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or description: Specifies whether or
not permission is granted to query the service control not permission is granted to query the service control
manager about the status of the service. manager about the status of the service.
7.396. serviceEnumDependents 7.395. serviceEnumDependents
elementId: TBD elementId: TBD
name: serviceEnumDependents name: serviceEnumDependents
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether description: Specifies whether
or not permission is granted to query for an enumeration of or not permission is granted to query for an enumeration of
all the services dependent on the service. all the services dependent on the service.
7.397. serviceStart 7.396. serviceStart
elementId: TBD elementId: TBD
name: serviceStart name: serviceStart
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not description: Specifies whether or not
permission is granted to start the service. permission is granted to start the service.
7.398. serviceStop 7.397. serviceStop
elementId: TBD elementId: TBD
name: serviceStop name: serviceStop
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not description: Specifies whether or not
permission is granted to stop the service. permission is granted to stop the service.
7.399. servicePause 7.398. servicePause
elementId: TBD elementId: TBD
name: servicePause name: servicePause
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not description: Specifies whether or not
permission is granted to pause or continue the service. permission is granted to pause or continue the service.
7.400. serviceInterrogate 7.399. serviceInterrogate
elementId: TBD elementId: TBD
name: serviceInterrogate name: serviceInterrogate
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or not permission is granted to description: Specifies whether or not permission is granted to
request the service to report its status immediately. request the service to report its status immediately.
7.401. serviceUserDefined 7.400. serviceUserDefined
elementId: TBD elementId: TBD
name: serviceUserDefined name: serviceUserDefined
dataType: boolean dataType: boolean
status: current status: current
description: Specifies whether or description: Specifies whether or
not permission is granted to specify a user-defined not permission is granted to specify a user-defined
control code. control code.
7.402. sharedresourceauditedpermissions 7.401. sharedresourceauditedpermissions
elementId: TBD elementId: TBD
name: sharedresourceauditedpermissions name: sharedresourceauditedpermissions
dataType: list dataType: list
structure: list (netname, trusteeSid, structure: list (netname, trusteeSid,
standardDelete, standardReadControl, standardWriteDac, standardDelete, standardReadControl, standardWriteDac,
standardWriteOwner, standardSynchronize, standardWriteOwner, standardSynchronize,
accessSystemSecurity, genericRead, genericWrite, accessSystemSecurity, genericRead, genericWrite,
genericExecute, genericAll) genericExecute, genericAll)
status: current status: current
description: Stores description: Stores
the audited access rights of a shared resource that a system the audited access rights of a shared resource that a system
access control list (SACL) structure grants to a access control list (SACL) structure grants to a
specified trustee. The trustee's audited access rights are specified trustee. The trustee's audited access rights are
determined checking all access control entries (ACEs) determined checking all access control entries (ACEs)
in the SACL. in the SACL.
7.403. netname 7.402. netname
elementId: TBD elementId: TBD
name: netname name: netname
dataType: string dataType: string
status: current status: current
description: Specifies the name associated description: Specifies the name associated
with a particular shared resource. with a particular shared resource.
7.404. sharedresourceeffectiverights 7.403. sharedresourceeffectiverights
elementId: TBD elementId: TBD
name: sharedresourceeffectiverights name: sharedresourceeffectiverights
dataType: list dataType: list
structure: list (netname, trusteeSid, structure: list (netname, trusteeSid,
standardDelete, standardReadControl, standardWriteDac, standardDelete, standardReadControl, standardWriteDac,
standardWriteOwner, standardSynchronize, standardWriteOwner, standardSynchronize,
accessSystemSecurity, genericRead, genericWrite, accessSystemSecurity, genericRead, genericWrite,
genericExecute, genericAll) genericExecute, genericAll)
status: current status: current
description: Stores description: Stores
the effective rights of a shared resource that a the effective rights of a shared resource that a
discretionary access control list (DACL) structure grants discretionary access control list (DACL) structure grants
to a specified trustee. The trustee's effective rights are to a specified trustee. The trustee's effective rights are
determined checking all access-allowed and access-denied determined checking all access-allowed and access-denied
access control entries (ACEs) in the DACL. access control entries (ACEs) in the DACL.
7.405. user 7.404. user
elementId: TBD elementId: TBD
name: user name: user
dataType: list dataType: list
structure: list (username, enabled, group, lastLogon) structure: list (username, enabled, group, lastLogon)
status: current status: current
description: Specifies the groups to which a user belongs. description: Specifies the groups to which a user belongs.
7.406. enabled 7.405. enabled
elementId: TBD elementId: TBD
name: enabled name: enabled
dataType: boolean dataType: boolean
status: current status: current
description: Represents whether the description: Represents whether the
particular user is enabled or not. particular user is enabled or not.
7.407. lastLogon 7.406. lastLogon
elementId: TBD elementId: TBD
name: lastLogon name: lastLogon
dataType: unsigned32 dataType: unsigned32
status: current status: current
description: The date and time when the description: The date and time when the
last logon occurred. last logon occurred.
7.408. groupSid 7.407. groupSid
elementId: TBD elementId: TBD
name: groupSid name: groupSid
dataType: string dataType: string
status: current status: current
description: Represents the SID of a description: Represents the SID of a
particular group. If the specified user belongs to more than particular group. If the specified user belongs to more than
one group, then multiple groupSid elements are one group, then multiple groupSid elements are
applicable. If the specified user is not a member of a single applicable. If the specified user is not a member of a single
group, then a single groupSid element should be group, then a single groupSid element should be
skipping to change at page 153, line 42 skipping to change at page 153, line 42
Specified a syntax for defining category IEs. Specified a syntax for defining category IEs.
Added an anyCategory IE that represents any IE in the IM. Added an anyCategory IE that represents any IE in the IM.
Fixed several errors reported by the Travis-CI continuous integration Fixed several errors reported by the Travis-CI continuous integration
service. service.
Performed various other editorial changes and clean-up. Performed various other editorial changes and clean-up.
A.9. Changes in Revision 09
Added "derived", "authority", and "verified" to the
collectionTaskType IE (https://github.com/sacmwg/draft-ietf-sacm-
information-model/issues/18).
Updated IE examples that use content-type to use statement-type
(https://github.com/sacmwg/draft-ietf-sacm-information-model/
issues/56).
Added "networkZoneLocation", "layer2NetworkLocation", and
"layer3NetworkLocation" IEs (https://github.com/sacmwg/draft-ietf-
sacm-information-model/issues/9).
Created a softwareClass attribute IE and added it to the
softwareInstance subject IE. Also, removed the os* attribute IEs
(https://github.com/sacmwg/draft-ietf-sacm-information-model/
issues/10).
Authors' Addresses Authors' Addresses
David Waltermire (editor) David Waltermire (editor)
National Institute of Standards and Technology National Institute of Standards and Technology
100 Bureau Drive 100 Bureau Drive
Gaithersburg, Maryland 20877 Gaithersburg, Maryland 20877
USA USA
Email: david.waltermire@nist.gov Email: david.waltermire@nist.gov
Kim Watson Kim Watson
United States Department of Homeland Security United States Department of Homeland Security
DHS/CS&C/FNR DHS/CS&C/FNR
245 Murray Ln. SW, Bldg 410 245 Murray Ln. SW, Bldg 410
MS0613 MS0613
Washington, DC 20528 Washington, DC 20528
USA USA
Email: kimberly.watson@hq.dhs.gov Email: kimberly.watson@hq.dhs.gov
 End of changes. 370 change blocks. 
794 lines changed or deleted 821 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/