snort2-docker/docker/etc/attribute_table.dtd
2020-02-24 08:56:30 -05:00

27 lines
1.3 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!ELEMENT SNORT_ATTRIBUTES ((ATTRIBUTE_MAP, ATTRIBUTE_TABLE))>
<!ELEMENT ATTRIBUTE_MAP ((ENTRY*))>
<!ELEMENT ENTRY ((ID, VALUE))>
<!ELEMENT ID (#PCDATA)>
<!ELEMENT VALUE (#PCDATA)>
<!ELEMENT ATTRIBUTE_TABLE ((HOST*))>
<!ELEMENT HOST ((IP, OPERATING_SYSTEM, (SERVICES | CLIENTS)*))>
<!ELEMENT IP (#PCDATA)>
<!ELEMENT OPERATING_SYSTEM ((NAME, VENDOR, VERSION, FRAG_POLICY, STREAM_POLICY))>
<!ELEMENT NAME (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?))>
<!ELEMENT VERSION (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?))>
<!ELEMENT VENDOR (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?))>
<!ELEMENT FRAG_POLICY (#PCDATA)>
<!ELEMENT STREAM_POLICY (#PCDATA)>
<!ELEMENT CLIENTS ((CLIENT*))>
<!ELEMENT CLIENT (((PROTOCOL | (IPPROTO, PROTOCOL)), APPLICATION))>
<!ELEMENT SERVICES ((SERVICE*))>
<!ELEMENT SERVICE ((PORT, IPPROTO, PROTOCOL, APPLICATION?))>
<!ELEMENT PORT (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?))>
<!ELEMENT PROTOCOL (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?))>
<!ELEMENT IPPROTO (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?))>
<!ELEMENT APPLICATION (((ATTRIBUTE_VALUE | ATTRIBUTE_ID), CONFIDENCE?),VERSION?)>
<!ELEMENT ATTRIBUTE_VALUE (#PCDATA)>
<!ELEMENT ATTRIBUTE_ID (#PCDATA)>
<!ELEMENT CONFIDENCE (#PCDATA)>