Security Incident ABE UML Documentation

Element

Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE
Class SecurityIncident

Attributes
EntityIdentification	_entityIdentification
SecurityEvent	_securityEvent
SecurityIncidentAssessment	_securityIncidentAssessment
SecurityIncidentAttachment	_securityIncidentAttachment
SecurityIncidentAttackMethod	_securityIncidentAttackMethod
SecurityIncidentHistory	_securityIncidentHistory
SecurityThreatActor	_securityThreatActor
SecurityIncidentRelatedParty	_securityTrackingParty
TroubleTicket	_troubleTicket
String	detectionMethod	Method used for detection (e.g. user report, detected by sensor, network flow analysis)
String	exerciseDescription	If the incident is part of an exercise, this attribute describes that exercise.
DateTime	initialDetectionDateTime	Date/time initial detection of activity occurred associated with this incident.
DateTime	intiallyReportedDateTime	Date and time initially reported.
Boolean	isExercise	Indicates whether this incident is real or part of an exercise (i.e. part of a test of an organization's security posture).
Boolean	isFalsePositive	Boolean for the evaluation whether this incident is a false positive or not.
DateTime	lastUpdateDateTime	Last date/time the incident was updated.
String	status	Free-text analyst description of the current status of the incident
String	synopsis	Free text synopsis for analyst notes
String	targetUsedAs	Description of the how the compromised resource was used by the attacker.
«baseType» TimePeriod	validFor	Assessment of start and end date/time event activity associated with this incident occurred.

Properties:

Alias
Classifier Behavior
Is Abstract	false
Is Active	false
Is Leaf	false
Keywords
Name	SecurityIncident
Name Expression
Namespace	Security Incident ABE
Owned Template Signature
Owner	Security Incident ABE
Owning Template Parameter
Package	Security Incident ABE
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident
Representation
Stereotype
Template Parameter
Visibility	Public

Attribute Details

_entityIdentification

Public EntityIdentification _entityIdentification

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentRecognizedUsing
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_entityIdentification
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_entityIdentification
Stereotype
Template Parameter
Type	EntityIdentification
Upper	*
Upper Value	(*)
Visibility	Public

_securityEvent

Public SecurityEvent _securityEvent

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityEventIsPartOf
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityEvent
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityEvent
Stereotype
Template Parameter
Type	SecurityEvent
Upper	*
Upper Value	(*)
Visibility	Public

_securityIncidentAssessment

Public SecurityIncidentAssessment _securityIncidentAssessment

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentAssessedBy
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	_securityIncidentAssessment
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityIncidentAssessment
Stereotype
Template Parameter
Type	SecurityIncidentAssessment
Upper	1
Upper Value	(1)
Visibility	Public

_securityIncidentAttachment

Public SecurityIncidentAttachment _securityIncidentAttachment

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentSupplementedBy
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityIncidentAttachment
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityIncidentAttachment
Stereotype
Template Parameter
Type	SecurityIncidentAttachment
Upper	*
Upper Value	(*)
Visibility	Public

_securityIncidentAttackMethod

Public SecurityIncidentAttackMethod _securityIncidentAttackMethod

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentAttackedUsing
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityIncidentAttackMethod
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityIncidentAttackMethod
Stereotype
Template Parameter
Type	SecurityIncidentAttackMethod
Upper	*
Upper Value	(*)
Visibility	Public

_securityIncidentHistory

Public SecurityIncidentHistory _securityIncidentHistory

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentDocumentedBy
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityIncidentHistory
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityIncidentHistory
Stereotype
Template Parameter
Type	SecurityIncidentHistory
Upper	*
Upper Value	(*)
Visibility	Public

_securityThreatActor

Public SecurityThreatActor _securityThreatActor

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatActorInvolvedIn
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityThreatActor
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityThreatActor
Stereotype
Template Parameter
Type	SecurityThreatActor
Upper	*
Upper Value	(*)
Visibility	Public

_securityTrackingParty

Public SecurityIncidentRelatedParty _securityTrackingParty

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentTrackedBy
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityTrackingParty
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_securityTrackingParty
Stereotype
Template Parameter
Type	SecurityIncidentRelatedParty
Upper	*
Upper Value	(*)
Visibility	Public

_troubleTicket

Public TroubleTicket _troubleTicket

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityIncidentReferences
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_troubleTicket
Name Expression
Namespace	SecurityIncident
Opposite	_securityIncident
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::_troubleTicket
Stereotype
Template Parameter
Type	TroubleTicket
Upper	*
Upper Value	(*)
Visibility	Public

detectionMethod

Public String detectionMethod

Method used for detection (e.g. user report, detected by sensor, network flow analysis)

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	detectionMethod
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::detectionMethod
Stereotype	required
Template Parameter
Type	String
Upper	*
Upper Value	(*)
Visibility	Public

exerciseDescription

Public String exerciseDescription

If the incident is part of an exercise, this attribute describes that exercise.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	exerciseDescription
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::exerciseDescription
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

initialDetectionDateTime

Public DateTime initialDetectionDateTime

Date/time initial detection of activity occurred associated with this incident.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	initialDetectionDateTime
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::initialDetectionDateTime
Stereotype	required
Template Parameter
Type	DateTime
Upper	1
Upper Value	(1)
Visibility	Public

intiallyReportedDateTime

Public DateTime intiallyReportedDateTime

Date and time initially reported.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	intiallyReportedDateTime
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::intiallyReportedDateTime
Stereotype	required
Template Parameter
Type	DateTime
Upper	1
Upper Value	(1)
Visibility	Public

isExercise

Public Boolean isExercise

Indicates whether this incident is real or part of an exercise (i.e. part of a test of an organization's security posture).

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	isExercise
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::isExercise
Stereotype
Template Parameter
Type	Boolean
Upper	1
Upper Value	(1)
Visibility	Public

isFalsePositive

Public Boolean isFalsePositive

Boolean for the evaluation whether this incident is a false positive or not.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	1
Lower Value
Multiplicity	None (1)
Name	isFalsePositive
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::isFalsePositive
Stereotype
Template Parameter
Type	Boolean
Upper	1
Upper Value
Visibility	Public

lastUpdateDateTime

Public DateTime lastUpdateDateTime

Last date/time the incident was updated.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	lastUpdateDateTime
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::lastUpdateDateTime
Stereotype
Template Parameter
Type	DateTime
Upper	1
Upper Value	(1)
Visibility	Public

status

Public String status

Free-text analyst description of the current status of the incident

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	status
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::status
Stereotype	required
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

synopsis

Public String synopsis

Free text synopsis for analyst notes

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	synopsis
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::synopsis
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

targetUsedAs

Public String targetUsedAs

Description of the how the compromised resource was used by the attacker.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	targetUsedAs
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::targetUsedAs
Stereotype
Template Parameter
Type	String
Upper	*
Upper Value	(*)
Visibility	Public

validFor

Public «baseType» TimePeriod validFor

Assessment of start and end date/time event activity associated with this incident occurred.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityIncident
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	validFor
Name Expression
Namespace	SecurityIncident
Opposite
Owner	SecurityIncident
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Incident ABE::SecurityIncident::validFor
Stereotype
Template Parameter
Type	«baseType» TimePeriod
Upper	1
Upper Value	(1)
Visibility	Public

Comments

An unplanned interruption to an IT Service or reduction in the Quality of an IT Service, including loss of confidentiality, integrity, or availability due to unauthorized entry or an information attack on an information system. It includes unauthorized probing and browsing; disruption or denial of service; altered or destroyed input, processing, storage, or output of information; or changes to information system hardware, firmware, or software characteristics with or without the users' knowledge, instruction, or intent.

Overview

Top

Package

Element

Security Incident ABE UML Documentation

Summary:AttributesCommentsProperties

Detail:Attributes