Class Hierarchy
Class Attributes
Class Qualifiers
Properties
Methods
Associations in which the class can participate
Sub Profiling Summary
CIM_SecurityIndication --> CIM_AlertIndication --> CIM_ProcessIndication --> CIM_Indication --> [top]
Class Declaration Attributes Name Value SUPERCLASS CIM_AlertIndication NAME CIM_SecurityIndication
Class CIM_SecurityIndication Qualifiers Name Type Value From Class Experimental boolean true CIM_SecurityIndication Version string 2.10.0 CIM_SecurityIndication Description string SecurityIndication provides a common superclass for the CIM Security Events schema. SecurityIndications are messages produced by Detectors that watch for and report on events that have security implications. Detectors may include, but are not limited to intrusion detection systems, antivirus scanners, firewalls, vulnerability scanners, or operating system sentries and subsystems. Although often due to attacks or probes, security events can also reflect normal activity, such as host or network login, firewall connections, etc. Messages include information about the Effect of the event, the Mechanism or method by which the event occurred, and the Resource affected by the event. Properties from the base class CIM_Indication that MUST be populated are: IndicationIdentifier and IndicationTime. A property from the superclass CIM_AlertIndication that MUST be populated is: AlertType which MUST be set to " Security " . EventID, ProviderName and AlertingManagedElement in some combination SHOULD be populated in a way that identifies the device type and its source in an unambiguous way from the Detector ’ s point of view. CIM_SecurityIndication Indication boolean true CIM_SecurityIndication Description string A concrete superclass for CIM Alert notifications. An AlertIndication is a specialized type of CIM_Indication that contains information about the severity, cause, recommended actions and other data of a real world event. This event and its data may or may not be modeled in the CIM class hierarchy. CIM_AlertIndication Indication boolean true CIM_AlertIndication Description string An abstract superclass for specialized Indication classes, addressing specific changes and alerts published by providers and instrumentation. Subclasses include AlertIndication (with properties such as PerceivedSeverity and ProbableCause), and SNMPTrapIndication (which recasts Traps as CIM indications). CIM_ProcessIndication Indication boolean true CIM_ProcessIndication Indication boolean true CIM_Indication Description string CIM_Indication is the abstract root class for all notifications about changes in schema, objects and their data, and about events detected by providers and instrumentation. Subclasses represent specific types of notifications. To receive an Indication, a consumer (or subscriber) must create an instance of CIM_IndicationFilter describing the criteria of the notification, an instance of CIM_ListenerDestination describing the delivery of the notification, and an instance of CIM_IndicationSubscription associating the Filter and Handler. CIM_Indication
Property Qualifiers
Property IndicationIdentifier Qualifiers Name Type Value From Class Required boolean true CIM_SecurityIndication Override string IndicationIdentifier CIM_SecurityIndication Description string An identifier for the Indication. This property is similar to a key value in that it can be used for identification, when correlating Indications (see the CorrelatedIndications array). Its value SHOULD be unique as long as Alert correlations are reported, but MAY be reused or left NULL if no future Indications will reference it in their CorrelatedIndications array. CIM_SecurityIndication MappingStrings string Recommendation.ITU|X733.Notification identifier CIM_SecurityIndication
Property AlertType Qualifiers Name Type Value From Class Override string AlertType CIM_SecurityIndication Description string Primary classification of the Indication. The following value is the only value permitted from AlertIndication: 8 - Security Alert. An Indication of this type is associated with security violations, detection of viruses, and similar issues. CIM_SecurityIndication ValueMap string [See below.] CIM_SecurityIndication Values string Security Alert CIM_SecurityIndication MappingStrings string Recommendation.ITU|X733.Event type CIM_SecurityIndication Required boolean true CIM_SecurityIndication
Name Value 8 Security Alert
Property MessageType Qualifiers Name Type Value From Class Required boolean true CIM_SecurityIndication Description string MessageType is an identifier distinguishing the instance of a SecurityIndication semantically. Instances of this class or its subclasses have different meaning depending upon the value of MessageType. For example, overrides of this property in subclasses can define new MethodTypes, such as " Virus Found " or " Vulnerability Detected " . A range of values, DMTF_Reserved, and Vendor Reserved, has been defined that allows subclasses to override and define their specific event message types. Note that MessageType does not correspond to the CIM_AlertIndication " Message " property, which holds a formatted string for general AlertIndications. CIM_AlertIndication.Message MAY be used to contain message text sent by the Detector, but in addition to, rather than in lieu of SecurityIndication specific properties. CIM_SecurityIndication ValueMap string [See below.] CIM_SecurityIndication Values string Unknown
DMTF Reserved
Not Applicable
Vendor ReservedCIM_SecurityIndication
Name Value 0 Unknown .. DMTF Reserved 2 Not Applicable 16000.. Vendor Reserved
Property IndicationTime Qualifiers Name Type Value From Class Required boolean true CIM_SecurityIndication Override string IndicationTime CIM_SecurityIndication Description string The time and date of creation of the Indication. The property may be set to NULL if the entity creating the Indication is not capable of determining this information. Note that IndicationTime may be the same for two Indications that are generated in rapid succession. CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.IndicationStartCountTime CIM_SecurityIndication
Property IndicationStartCountTime Qualifiers Name Type Value From Class Description string The start time and date of a range of events represented by the Indication whose current event time is specified by IndicationTime. If the Indication represents a single event, this property MUST be set to NULL. If the Indication represents multiple events over time, the EventCount property MUST be greater than 1 and this property MUST be less than or equal to the IndicationTime value. In this case, the Indication represents an event aggregate with the aggregate amplitude being the EventCount property. The time range or EventCount does not imply a threshold in and of itself, but a time or amplitude threshold MAY be used in determining how a Detector populates this property. CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.EventCount
CIM_SecurityIndication.IndicationTimeCIM_SecurityIndication
Property EventCount Qualifiers Name Type Value From Class Description string The number of events represented by this Indication. If IndicationStartCountTime is not NULL, EventCount MUST be greater than 1 which means that the Indication represents an event aggregate. CIM_SecurityIndication Counter boolean true CIM_SecurityIndication MinValue sint64 1 CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.IndicationStartCountTime CIM_SecurityIndication
Property Effects Qualifiers Name Type Value From Class Required boolean true CIM_SecurityIndication Description string An array of enumerated values that describes the effect(s) of an event from the Detector ’ s point of view. Some security devices such as simple packet filters may not be able to detect the notion of an event ’ s Effect. In these cases, the Effect is " Unknown " . Although in many cases the Effect of an attack is intended, not all attacks have a known intent, such as viruses or other malicious code, which may have multiple varied Effects. If there is more than one Effect, the first element in the array SHOULD represent the most significant or most severe Effect, from the Detector ’ s point of view. The following values are defined: 0 - Unknown means the Effect of the event is purely unknown. 2 - Degradation. The message indicates that an attempt was made to damage or impair usability, performance, service availability, etc. 3 - Reconnaissance. The message indicates that there was an attempt to gather information useful for attacks, or probe for vulnerabilities without necessarily exploiting them. 4 - Access. The message indicates that access has been attempted or made to data or services. 5 - Integrity. The message indicates that there was an attempt to modify or delete data. 6 - System Compromised. The message indicates that an attacker succeeded in gaining complete access to the system. CIM_SecurityIndication ValueMap string [See below.] CIM_SecurityIndication Values string Unknown
DMTF Reserved
Degradation
Reconnaissance
Access
Integrity
System Compromised
Vendor ReservedCIM_SecurityIndication ArrayType string Indexed CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.MoreSpecificEffects CIM_SecurityIndication
Name Value 0 Unknown .. DMTF Reserved 2 Degradation 3 Reconnaissance 4 Access 5 Integrity 6 System Compromised 16000.. Vendor Reserved
Property MoreSpecificEffects Qualifiers Name Type Value From Class Description string If more details are known about the effect of an attack or probe, this property can contain that information. For example, if one of the values of Effects is Access, a more specific Effect might be HostCompromised. Or, if the Effect is Degradation, a more specific effect might be DistributedDoS. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. CIM_SecurityIndication ArrayType string Indexed CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.Effects
CIM_AlertIndication.OwningEntityCIM_SecurityIndication
Property Mechanisms Qualifiers Name Type Value From Class Required boolean true CIM_SecurityIndication Description string An array of integers indicating the method(s) used in an attack, probe, or other action. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: Parent - NetworkProtocol Children - NetworkICMP, NetworkTCP, NetworkUDP, NetworkHTTP Parent - Overloading Children - Congestion, Saturation Mechanisms values can be used with any of the Effects values, depending on the method(s) employed in an attack or probe. For example, a DoS attack using ICMP packets, Effects would contain Degradation, and Mechanisms would contain NetworkProtocol and NetworkICMP in that order. For a port scan, Effects contains Reconnaissance and Mechanisms would contain PortScan. CIM_SecurityIndication ValueMap string [See below.] CIM_SecurityIndication Values string Unknown
DMTF Reserved
ArpPoisoning
Backdoor
Rootkit
Trojan
BufferOverflow
GuessPassword
ReplayAttack
SQLInjection
SpoofIdentity
PortSweep
HostSweep
NetworkSweep
NetworkICMP
NetworkTCP
NetworkUDP
Worm
Virus
Non-viral Malicious
Spyware
Adware
Login
Logout
Application Exploitation
Script Injection
Stale-data Scan
Congestion
Saturation
Overloading
Port Scan
Network Protocol
Network HTTP
Phishing
Redirection
RemoteExecution
DataManipulation
Cross-site Scripting
Vendor ReservedCIM_SecurityIndication ArrayType string Indexed CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.MoreSpecificMechanisms CIM_SecurityIndication
Name Value 0 Unknown .. DMTF Reserved 2 ArpPoisoning 3 Backdoor 4 Rootkit 5 Trojan 6 BufferOverflow 7 GuessPassword 8 ReplayAttack 9 SQLInjection 10 SpoofIdentity 11 PortSweep 12 HostSweep 13 NetworkSweep 14 NetworkICMP 15 NetworkTCP 16 NetworkUDP 17 Worm 18 Virus 19 Non-viral Malicious 20 Spyware 21 Adware 22 Login 23 Logout 24 Application Exploitation 25 Script Injection 26 Stale-data Scan 27 Congestion 28 Saturation 29 Overloading 30 Port Scan 31 Network Protocol 32 Network HTTP 33 Phishing 34 Redirection 35 RemoteExecution 36 DataManipulation 37 Cross-site Scripting 16000.. Vendor Reserved
Property MoreSpecificMechanisms Qualifiers Name Type Value From Class Description string Specifies a more specific mechanism based on a value specified in the Mechanisms property. For example, if one of the values of Mechanisms is Trojan, then a MoreSpecificMechanisms might be Connect for a trojan that opens a port and listens for connections. A different method might be Response if the trojan sends information. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. CIM_SecurityIndication ArrayType string Indexed CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.Mechanisms
CIM_AlertIndication.OwningEntityCIM_SecurityIndication
Property Resources Qualifiers Name Type Value From Class Required boolean true CIM_SecurityIndication Description string An integer indicating the type(s) of resource affected by an attack or probe. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: Parent - Remote Service Children - Remote Share, Naming Service, DB, FTP, Mail, RPC, Web Parent - Remote Share Children - NFS, SMB, CIFS Parent - Naming Service Children - DNS, LDAP Parent - Application Children - Application Data, Application Configuration Parent - OS Children - OS Kernel, OS Configuration, OS Session, File System, Process, Service, User Account, Privileges, User Policy, Group, Registry, File Parent - Network Device Children - Firewall, Router, Switch For example, DB indicates that an attack was made against a database server, where Mail indicates that some type of email server is affected. DB, DNS, and other values can mean a server or service, e.g. there is no distinction between a DNS server resource and a DNS service resource. Web means a web server/service but more specific resources of this type can be specified using the MoreSpecificResources property, e.g. IIS, Apache, iPlanet, etc. CIM_SecurityIndication ValueMap string [See below.] CIM_SecurityIndication Values string Unknown
DMTF Reserved
DB
DNS
FTP
Web
Host
Firewall
Registry
Network Device
Hardware
User Activity
Cookies
Network Data
Application Data
Application Configuration
OS Kernel
OS Configuration
OS Session
File System
Process
Service
Network Session
URL
User Account
Privileges
User Policy
Group
RPC
SNMP
Remote Service
Remote Share
Naming Service
Application
OS
NFS
SMB
CIFS
CPU
Router
Switch
LDAP
Vendor ReservedCIM_SecurityIndication ArrayType string Indexed CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.MoreSpecificResources CIM_SecurityIndication
Name Value 0 Unknown .. DMTF Reserved 2 DB 3 DNS 4 FTP 5 6 Web 7 Host 8 Firewall 9 Registry 10 Network Device 11 Hardware 12 User Activity 13 Cookies 14 Network Data 15 Application Data 16 Application Configuration 17 OS Kernel 18 OS Configuration 19 OS Session 20 File System 21 Process 22 Service 23 Network Session 24 URL 25 User Account 26 Privileges 27 User Policy 28 Group 29 RPC 30 SNMP 31 Remote Service 32 Remote Share 33 Naming Service 34 Application 35 OS 36 NFS 37 SMB 38 CIFS 39 CPU 40 Router 41 Switch 42 LDAP 16000.. Vendor Reserved
Property MoreSpecificResources Qualifiers Name Type Value From Class Description string Specifies a more specific resource based on a value specified in the Resources property. For example, if one of the values of Resources is Web, then a MoreSpecificResource might be Apache for an attack or probe against an Apache web server. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. CIM_SecurityIndication ArrayType string Indexed CIM_SecurityIndication ModelCorrespondence string CIM_SecurityIndication.Resources
CIM_AlertIndication.OwningEntityCIM_SecurityIndication
Property Description Qualifiers Name Type Value From Class Description string A short description of the Indication. CIM_AlertIndication MappingStrings string Recommendation.ITU|X733.Additional text CIM_AlertIndication
Property AlertingManagedElement Qualifiers Name Type Value From Class Description string The identifying information of the entity (ie, the instance) for which this Indication is generated. The property contains the path of an instance, encoded as a string parameter - if the instance is modeled in the CIM Schema. If not a CIM instance, the property contains some identifying string that names the entity for which the Alert is generated. The path or identifying string is formatted per the AlertingElementFormat property. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.AlertingElementFormat CIM_AlertIndication
Property AlertingElementFormat Qualifiers Name Type Value From Class Description string The format of the AlertingManagedElement property is interpretable based upon the value of this property. Values are defined as: 0 - Unknown. The format is unknown or not meaningfully interpretable by a CIM client application. 1 - Other. The format is defined by the value of the OtherAlertingElementFormat property. 2 - CIMObjectPath. The format is a CIMObjectPath, with format < NamespacePath > : < ClassName > . < Prop1 > = " < Value1 > " , < Prop2 > = " < Value2 > " , . . . specifying an instance in the CIM Schema. CIM_AlertIndication ValueMap string [See below.] CIM_AlertIndication Values string Unknown
Other
CIMObjectPathCIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.AlertingManagedElement
CIM_AlertIndication.OtherAlertingElementFormatCIM_AlertIndication
Name Value 0 Unknown 1 Other 2 CIMObjectPath
Property OtherAlertingElementFormat Qualifiers Name Type Value From Class Description string A string defining " Other " values for AlertingElementFormat. This value MUST be set to a non NULL value when AlertingElementFormat is set to a value of 1 ( " Other " ). For all other values of AlertingElementFormat, the value of this string must be set to NULL. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.AlertingElementFormat CIM_AlertIndication
Property AlertType Qualifiers Name Type Value From Class Required boolean true CIM_AlertIndication Description string Primary classification of the Indication. The following values are defined: 1 - Other. The Indication ’ s OtherAlertType property conveys its classification. Use of " Other " in an enumeration is a standard CIM convention. It means that the current Indication does not fit into the categories described by this enumeration. 2 - Communications Alert. An Indication of this type is principally associated with the procedures and/or processes required to convey information from one point to another. 3 - Quality of Service Alert. An Indication of this type is principally associated with a degradation or errors in the performance or function of an entity. 4 - Processing Error. An Indication of this type is principally associated with a software or processing fault. 5 - Device Alert. An Indication of this type is principally associated with an equipment or hardware fault. 6 - Environmental Alert. An Indication of this type is principally associated with a condition relating to an enclosure in which the hardware resides, or other environmental considerations. 7 - Model Change. The Indication addresses changes in the Information Model. For example, it may embed a Lifecycle Indication to convey the specific model change being alerted. 8 - Security Alert. An Indication of this type is associated with security violations, detection of viruses, and similar issues. CIM_AlertIndication ValueMap string [See below.] CIM_AlertIndication Values string Other
Communications Alert
Quality of Service Alert
Processing Error
Device Alert
Environmental Alert
Model Change
Security AlertCIM_AlertIndication MappingStrings string Recommendation.ITU|X733.Event type CIM_AlertIndication
Name Value 1 Other 2 Communications Alert 3 Quality of Service Alert 4 Processing Error 5 Device Alert 6 Environmental Alert 7 Model Change 8 Security Alert
Property OtherAlertType Qualifiers Name Type Value From Class Description string A string describing the Alert type - used when the AlertType property is set to 1, " Other State Change " . CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.AlertType CIM_AlertIndication
Property PerceivedSeverity Qualifiers Name Type Value From Class Required boolean true CIM_AlertIndication Override string PerceivedSeverity CIM_AlertIndication Description string An enumerated value that describes the severity of the Alert Indication from the notifier ’ s point of view: 1 - Other, by CIM convention, is used to indicate that the Severity ’ s value can be found in the OtherSeverity property. 3 - Degraded/Warning should be used when its appropriate to let the user decide if action is needed. 4 - Minor should be used to indicate action is needed, but the situation is not serious at this time. 5 - Major should be used to indicate action is needed NOW. 6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result). 7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it ’ s too late to take remedial action. 2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the AlertIndication is purely informational or its severity is simply unknown. CIM_AlertIndication ValueMap string [See below.] CIM_AlertIndication Values string Unknown
Other
Information
Degraded/Warning
Minor
Major
Critical
Fatal/NonRecoverableCIM_AlertIndication MappingStrings string Recommendation.ITU|X733.Perceived severity CIM_AlertIndication
Name Value 0 Unknown 1 Other 2 Information 3 Degraded/Warning 4 Minor 5 Major 6 Critical 7 Fatal/NonRecoverable
Property ProbableCause Qualifiers Name Type Value From Class Required boolean true CIM_AlertIndication Description string An enumerated value that describes the probable cause of the situation which resulted in the AlertIndication. CIM_AlertIndication ValueMap string [See below.] CIM_AlertIndication Values string Unknown
Other
Adapter/Card Error
Application Subsystem Failure
Bandwidth Reduced
Connection Establishment Error
Communications Protocol Error
Communications Subsystem Failure
Configuration/Customization Error
Congestion
Corrupt Data
CPU Cycles Limit Exceeded
Dataset/Modem Error
Degraded Signal
DTE-DCE Interface Error
Enclosure Door Open
Equipment Malfunction
Excessive Vibration
File Format Error
Fire Detected
Flood Detected
Framing Error
HVAC Problem
Humidity Unacceptable
I/O Device Error
Input Device Error
LAN Error
Non-Toxic Leak Detected
Local Node Transmission Error
Loss of Frame
Loss of Signal
Material Supply Exhausted
Multiplexer Problem
Out of Memory
Output Device Error
Performance Degraded
Power Problem
Pressure Unacceptable
Processor Problem (Internal Machine Error)
Pump Failure
Queue Size Exceeded
Receive Failure
Receiver Failure
Remote Node Transmission Error
Resource at or Nearing Capacity
Response Time Excessive
Retransmission Rate Excessive
Software Error
Software Program Abnormally Terminated
Software Program Error (Incorrect Results)
Storage Capacity Problem
Temperature Unacceptable
Threshold Crossed
Timing Problem
Toxic Leak Detected
Transmit Failure
Transmitter Failure
Underlying Resource Unavailable
Version MisMatch
Previous Alert Cleared
Login Attempts Failed
Software Virus Detected
Hardware Security Breached
Denial of Service Detected
Security Credential MisMatch
Unauthorized Access
Alarm Received
Loss of Pointer
Payload Mismatch
Transmission Error
Excessive Error Rate
Trace Problem
Element Unavailable
Element Missing
Loss of Multi Frame
Broadcast Channel Failure
Invalid Message Received
Routing Failure
Backplane Failure
Identifier Duplication
Protection Path Failure
Sync Loss or Mismatch
Terminal Problem
Real Time Clock Failure
Antenna Failure
Battery Charging Failure
Disk Failure
Frequency Hopping Failure
Loss of Redundancy
Power Supply Failure
Signal Quality Problem
Battery Discharging
Battery Failure
Commercial Power Problem
Fan Failure
Engine Failure
Sensor Failure
Fuse Failure
Generator Failure
Low Battery
Low Fuel
Low Water
Explosive Gas
High Winds
Ice Buildup
Smoke
Memory Mismatch
Out of CPU Cycles
Software Environment Problem
Software Download Failure
Element Reinitialized
Timeout
Logging Problems
Leak Detected
Protection Mechanism Failure
Protecting Resource Failure
Database Inconsistency
Authentication Failure
Breach of Confidentiality
Cable Tamper
Delayed Information
Duplicate Information
Information Missing
Information Modification
Information Out of Sequence
Key Expired
Non-Repudiation Failure
Out of Hours Activity
Out of Service
Procedural Error
Unexpected InformationCIM_AlertIndication MappingStrings string Recommendation.ITU|X733.Probable cause
Recommendation.ITU|M3100.probableCause
ITU-IANA-ALARM-TCCIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.ProbableCauseDescription
CIM_AlertIndication.EventID
CIM_AlertIndication.EventTimeCIM_AlertIndication
Name Value 0 Unknown 1 Other 2 Adapter/Card Error 3 Application Subsystem Failure 4 Bandwidth Reduced 5 Connection Establishment Error 6 Communications Protocol Error 7 Communications Subsystem Failure 8 Configuration/Customization Error 9 Congestion 10 Corrupt Data 11 CPU Cycles Limit Exceeded 12 Dataset/Modem Error 13 Degraded Signal 14 DTE-DCE Interface Error 15 Enclosure Door Open 16 Equipment Malfunction 17 Excessive Vibration 18 File Format Error 19 Fire Detected 20 Flood Detected 21 Framing Error 22 HVAC Problem 23 Humidity Unacceptable 24 I/O Device Error 25 Input Device Error 26 LAN Error 27 Non-Toxic Leak Detected 28 Local Node Transmission Error 29 Loss of Frame 30 Loss of Signal 31 Material Supply Exhausted 32 Multiplexer Problem 33 Out of Memory 34 Output Device Error 35 Performance Degraded 36 Power Problem 37 Pressure Unacceptable 38 Processor Problem (Internal Machine Error) 39 Pump Failure 40 Queue Size Exceeded 41 Receive Failure 42 Receiver Failure 43 Remote Node Transmission Error 44 Resource at or Nearing Capacity 45 Response Time Excessive 46 Retransmission Rate Excessive 47 Software Error 48 Software Program Abnormally Terminated 49 Software Program Error (Incorrect Results) 50 Storage Capacity Problem 51 Temperature Unacceptable 52 Threshold Crossed 53 Timing Problem 54 Toxic Leak Detected 55 Transmit Failure 56 Transmitter Failure 57 Underlying Resource Unavailable 58 Version MisMatch 59 Previous Alert Cleared 60 Login Attempts Failed 61 Software Virus Detected 62 Hardware Security Breached 63 Denial of Service Detected 64 Security Credential MisMatch 65 Unauthorized Access 66 Alarm Received 67 Loss of Pointer 68 Payload Mismatch 69 Transmission Error 70 Excessive Error Rate 71 Trace Problem 72 Element Unavailable 73 Element Missing 74 Loss of Multi Frame 75 Broadcast Channel Failure 76 Invalid Message Received 77 Routing Failure 78 Backplane Failure 79 Identifier Duplication 80 Protection Path Failure 81 Sync Loss or Mismatch 82 Terminal Problem 83 Real Time Clock Failure 84 Antenna Failure 85 Battery Charging Failure 86 Disk Failure 87 Frequency Hopping Failure 88 Loss of Redundancy 89 Power Supply Failure 90 Signal Quality Problem 91 Battery Discharging 92 Battery Failure 93 Commercial Power Problem 94 Fan Failure 95 Engine Failure 96 Sensor Failure 97 Fuse Failure 98 Generator Failure 99 Low Battery 100 Low Fuel 101 Low Water 102 Explosive Gas 103 High Winds 104 Ice Buildup 105 Smoke 106 Memory Mismatch 107 Out of CPU Cycles 108 Software Environment Problem 109 Software Download Failure 110 Element Reinitialized 111 Timeout 112 Logging Problems 113 Leak Detected 114 Protection Mechanism Failure 115 Protecting Resource Failure 116 Database Inconsistency 117 Authentication Failure 118 Breach of Confidentiality 119 Cable Tamper 120 Delayed Information 121 Duplicate Information 122 Information Missing 123 Information Modification 124 Information Out of Sequence 125 Key Expired 126 Non-Repudiation Failure 127 Out of Hours Activity 128 Out of Service 129 Procedural Error 130 Unexpected Information
Property ProbableCauseDescription Qualifiers Name Type Value From Class Description string Provides additional information related to the ProbableCause. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.ProbableCause CIM_AlertIndication
Property Trending Qualifiers Name Type Value From Class Description string Provides information on trending - trending up, down or no change. CIM_AlertIndication ValueMap string [See below.] CIM_AlertIndication Values string Unknown
Not Applicable
Trending Up
Trending Down
No ChangeCIM_AlertIndication MappingStrings string Recommendation.ITU|X733.TrendIndication CIM_AlertIndication
Name Value 0 Unknown 1 Not Applicable 2 Trending Up 3 Trending Down 4 No Change
Property RecommendedActions Qualifiers Name Type Value From Class Description string Free form descriptions of the recommended actions to take to resolve the cause of the notification. CIM_AlertIndication MappingStrings string Recommendation.ITU|X733.Proposed repair actions CIM_AlertIndication
Property EventID Qualifiers Name Type Value From Class Description string An instrumentation or provider specific value that describes the underlying " real-world " event represented by the Indication. Two Indications with the same, non NULL EventID value are considered, by the creating entity, to represent the same event. The comparison of two EventID values is only defined for Alert Indications with identical, non NULL values of SystemCreateClassName, SystemName and ProviderName. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.ProbableCause CIM_AlertIndication
Property EventTime Qualifiers Name Type Value From Class Description string The time and date the underlying event was first detected. If specified, this property MUST be set to NULL if the creating entity is not capable of providing this information. This value is based on the notion of local date and time of the Managed System Element generating the Indication. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.ProbableCause CIM_AlertIndication
Property SystemCreationClassName Qualifiers Name Type Value From Class Description string The scoping System ’ s CreationClassName for the Provider generating this Indication. CIM_AlertIndication MaxLen uint32 256 CIM_AlertIndication
Property SystemName Qualifiers Name Type Value From Class Description string The scoping System ’ s Name for the Provider generating this Indication. CIM_AlertIndication MaxLen uint32 256 CIM_AlertIndication
Property ProviderName Qualifiers Name Type Value From Class Description string The name of the Provider generating this Indication. CIM_AlertIndication MaxLen uint32 256 CIM_AlertIndication
Property OwningEntity Qualifiers Name Type Value From Class Description string A string that uniquely identifies the entity that owns the definition of the format of the Message described in this instance. OwningEntity MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity or standards body defining the format. CIM_AlertIndication
Property MessageID Qualifiers Name Type Value From Class Description string A string that uniquely identifies, within the scope of the OwningEntity, the format of the Message. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.Message
CIM_AlertIndication.MessageArgumentsCIM_AlertIndication
Property Message Qualifiers Name Type Value From Class Description string The formatted message. This message is constructed by applying the dynamic content of the message, described in MessageArguments, to the format string uniquely identified, within the scope of the OwningEntity, by MessageID. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.MessageID
CIM_AlertIndication.MessageArgumentsCIM_AlertIndication
Property MessageArguments Qualifiers Name Type Value From Class Description string An array containing the dynamic content of the message. CIM_AlertIndication ModelCorrespondence string CIM_AlertIndication.Message
CIM_AlertIndication.MessageIDCIM_AlertIndication
Property IndicationIdentifier Qualifiers Name Type Value From Class Description string An identifier for the Indication. This property is similar to a key value in that it can be used for identification, when correlating Indications (see the CorrelatedIndications array). Its value SHOULD be unique as long as Alert correlations are reported, but MAY be reused or left NULL if no future Indications will reference it in their CorrelatedIndications array. CIM_Indication MappingStrings string Recommendation.ITU|X733.Notification identifier CIM_Indication
Property CorrelatedIndications Qualifiers Name Type Value From Class Description string A list of IndicationIdentifiers whose notifications are correlated with (related to) this one. CIM_Indication MappingStrings string Recommendation.ITU|X733.Correlated notifications CIM_Indication
Property IndicationTime Qualifiers Name Type Value From Class Description string The time and date of creation of the Indication. The property may be set to NULL if the entity creating the Indication is not capable of determining this information. Note that IndicationTime may be the same for two Indications that are generated in rapid succession. CIM_Indication
Property PerceivedSeverity Qualifiers Name Type Value From Class Description string An enumerated value that describes the severity of the Indication from the notifier ’ s point of view: 1 - Other, by CIM convention, is used to indicate that the Severity ’ s value can be found in the OtherSeverity property. 3 - Degraded/Warning should be used when its appropriate to let the user decide if action is needed. 4 - Minor should be used to indicate action is needed, but the situation is not serious at this time. 5 - Major should be used to indicate action is needed NOW. 6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result). 7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it ’ s too late to take remedial action. 2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the Indication is purely informational or its severity is simply unknown. CIM_Indication ValueMap string [See below.] CIM_Indication Values string Unknown
Other
Information
Degraded/Warning
Minor
Major
Critical
Fatal/NonRecoverableCIM_Indication MappingStrings string Recommendation.ITU|X733.Perceived severity CIM_Indication
Name Value 0 Unknown 1 Other 2 Information 3 Degraded/Warning 4 Minor 5 Major 6 Critical 7 Fatal/NonRecoverable
Property OtherSeverity Qualifiers Name Type Value From Class Description string Holds the value of the user defined severity value when ’ PerceivedSeverity ’ is 1 ( " Other " ). CIM_Indication ModelCorrespondence string CIM_AlertIndication.PerceivedSeverity CIM_Indication
Method Qualifiers
Parameters
Parameter Qualifiers