CIM211 Class Declaration
CIM_SecurityIndication

Table of Contents:
Class Hierarchy
Class Attributes
Class Qualifiers
Properties
Methods
Associations in which the class can participate
Sub Profiling Summary

Class Hierarchy

CIM_SecurityIndication --> CIM_AlertIndication --> CIM_ProcessIndication --> CIM_Indication --> [top]

Class Attributes

Class Declaration Attributes
Name | Value
SUPERCLASS | CIM_AlertIndication
NAME | CIM_SecurityIndication

Class Qualifiers

Class CIM_SecurityIndication Qualifiers
Name | Type | Value | From Class
Experimental | boolean | true | CIM_SecurityIndication
Version | string | 2.10.0 | CIM_SecurityIndication
Description | string | SecurityIndication provides a common superclass for the CIM Security Events schema. SecurityIndications are messages produced by Detectors that watch for and report on events that have security implications. Detectors may include, but are not limited to intrusion detection systems, antivirus scanners, firewalls, vulnerability scanners, or operating system sentries and subsystems. Although often due to attacks or probes, security events can also reflect normal activity, such as host or network login, firewall connections, etc. Messages include information about the Effect of the event, the Mechanism or method by which the event occurred, and the Resource affected by the event. Properties from the base class CIM_Indication that MUST be populated are: IndicationIdentifier and IndicationTime. A property from the superclass CIM_AlertIndication that MUST be populated is: AlertType which MUST be set to "Security". EventID, ProviderName and AlertingManagedElement in some combination SHOULD be populated in a way that identifies the device type and its source in an unambiguous way from the Detector’s point of view. | CIM_SecurityIndication
Indication | boolean | true | CIM_SecurityIndication
Description | string | A concrete superclass for CIM Alert notifications. An AlertIndication is a specialized type of CIM_Indication that contains information about the severity, cause, recommended actions and other data of a real world event. This event and its data may or may not be modeled in the CIM class hierarchy. | CIM_AlertIndication
Indication | boolean | true | CIM_AlertIndication
Description | string | An abstract superclass for specialized Indication classes, addressing specific changes and alerts published by providers and instrumentation. Subclasses include AlertIndication (with properties such as PerceivedSeverity and ProbableCause), and SNMPTrapIndication (which recasts Traps as CIM indications). | CIM_ProcessIndication
Indication | boolean | true | CIM_ProcessIndication
Indication | boolean | true | CIM_Indication
Description | string | CIM_Indication is the abstract root class for all notifications about changes in schema, objects and their data, and about events detected by providers and instrumentation. Subclasses represent specific types of notifications. To receive an Indication, a consumer (or subscriber) must create an instance of CIM_IndicationFilter describing the criteria of the notification, an instance of CIM_ListenerDestination describing the delivery of the notification, and an instance of CIM_IndicationSubscription associating the Filter and Handler. | CIM_Indication

Properties

Properties
Name | Type | Value | Qualifiers | ClassOrigin
IndicationIdentifier | string | | Required, Override, Description, MappingStrings | CIM_SecurityIndication
AlertType | uint16 | 8 | Override, Description, ValueMap, Values, MappingStrings, Required | CIM_SecurityIndication
MessageType | uint16 | | Required, Description, ValueMap, Values | CIM_SecurityIndication
IndicationTime | datetime | | Required, Override, Description, ModelCorrespondence | CIM_SecurityIndication
IndicationStartCountTime | datetime | | Description, ModelCorrespondence | CIM_SecurityIndication
EventCount | uint16 | 1 | Description, Counter, MinValue, ModelCorrespondence | CIM_SecurityIndication
Effects | uint16[] | | Required, Description, ValueMap, Values, ArrayType, ModelCorrespondence | CIM_SecurityIndication
MoreSpecificEffects | string[] | | Description, ArrayType, ModelCorrespondence | CIM_SecurityIndication
Mechanisms | uint16[] | | Required, Description, ValueMap, Values, ArrayType, ModelCorrespondence | CIM_SecurityIndication
MoreSpecificMechanisms | string[] | | Description, ArrayType, ModelCorrespondence | CIM_SecurityIndication
Resources | uint16[] | | Required, Description, ValueMap, Values, ArrayType, ModelCorrespondence | CIM_SecurityIndication
MoreSpecificResources | string[] | | Description, ArrayType, ModelCorrespondence | CIM_SecurityIndication
Description | string | | Description, MappingStrings | CIM_AlertIndication
AlertingManagedElement | string | | Description, ModelCorrespondence | CIM_AlertIndication
AlertingElementFormat | uint16 | 0 | Description, ValueMap, Values, ModelCorrespondence | CIM_AlertIndication
OtherAlertingElementFormat | string | | Description, ModelCorrespondence | CIM_AlertIndication
OtherAlertType | string | | Description, ModelCorrespondence | CIM_AlertIndication
PerceivedSeverity | uint16 | | Required, Override, Description, ValueMap, Values, MappingStrings | CIM_AlertIndication
ProbableCause | uint16 | | Required, Description, ValueMap, Values, MappingStrings, ModelCorrespondence | CIM_AlertIndication
ProbableCauseDescription | string | | Description, ModelCorrespondence | CIM_AlertIndication
Trending | uint16 | | Description, ValueMap, Values, MappingStrings | CIM_AlertIndication
RecommendedActions | string[] | | Description, MappingStrings | CIM_AlertIndication
EventID | string | | Description, ModelCorrespondence | CIM_AlertIndication
EventTime | datetime | | Description, ModelCorrespondence | CIM_AlertIndication
SystemCreationClassName | string | | Description, MaxLen | CIM_AlertIndication
SystemName | string | | Description, MaxLen | CIM_AlertIndication
ProviderName | string | | Description, MaxLen | CIM_AlertIndication
OwningEntity | string | | Experimental, Description | CIM_AlertIndication
MessageID | string | | Experimental, Description, ModelCorrespondence | CIM_AlertIndication
Message | string | | Experimental, Description, ModelCorrespondence | CIM_AlertIndication
MessageArguments | string[] | | Experimental, Description, ModelCorrespondence | CIM_AlertIndication
CorrelatedIndications | string[] | | Description, MappingStrings | CIM_Indication
OtherSeverity | string | | Description, ModelCorrespondence | CIM_Indication

Property Qualifiers

Property IndicationIdentifier Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_SecurityIndication
Override | string | IndicationIdentifier | CIM_SecurityIndication
Description | string | An identifier for the Indication. This property is similar to a key value in that it can be used for identification, when correlating Indications (see the CorrelatedIndications array). Its value SHOULD be unique as long as Alert correlations are reported, but MAY be reused or left NULL if no future Indications will reference it in their CorrelatedIndications array. | CIM_SecurityIndication
MappingStrings | string | Recommendation.ITU|X733.Notification identifier | CIM_SecurityIndication

Property AlertType Qualifiers
Name | Type | Value | From Class
Override | string | AlertType | CIM_SecurityIndication
Description | string | Primary classification of the Indication. The following value is the only value permitted from AlertIndication: 8 - Security Alert. An Indication of this type is associated with security violations, detection of viruses, and similar issues. | CIM_SecurityIndication
ValueMap | string | [See below.] | CIM_SecurityIndication
Values | string | Security Alert | CIM_SecurityIndication
MappingStrings | string | Recommendation.ITU|X733.Event type | CIM_SecurityIndication
Required | boolean | true | CIM_SecurityIndication

Name | Value
8 | Security Alert

Property MessageType Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_SecurityIndication
Description | string | MessageType is an identifier distinguishing the instance of a SecurityIndication semantically. Instances of this class or its subclasses have different meaning depending upon the value of MessageType. For example, overrides of this property in subclasses can define new MethodTypes, such as "Virus Found" or "Vulnerability Detected". A range of values, DMTF_Reserved, and Vendor Reserved, has been defined that allows subclasses to override and define their specific event message types. Note that MessageType does not correspond to the CIM_AlertIndication "Message" property, which holds a formatted string for general AlertIndications. CIM_AlertIndication.Message MAY be used to contain message text sent by the Detector, but in addition to, rather than in lieu of SecurityIndication specific properties. | CIM_SecurityIndication
ValueMap | string | [See below.] | CIM_SecurityIndication
Values | string | Unknown, DMTF Reserved, Not Applicable, Vendor Reserved | CIM_SecurityIndication

Name | Value
0 | Unknown
.. | DMTF Reserved
2 | Not Applicable
16000.. | Vendor Reserved

Property IndicationTime Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_SecurityIndication
Override | string | IndicationTime | CIM_SecurityIndication
Description | string | The time and date of creation of the Indication. The property may be set to NULL if the entity creating the Indication is not capable of determining this information. Note that IndicationTime may be the same for two Indications that are generated in rapid succession. | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.IndicationStartCountTime | CIM_SecurityIndication

Property IndicationStartCountTime Qualifiers
Name | Type | Value | From Class
Description | string | The start time and date of a range of events represented by the Indication whose current event time is specified by IndicationTime. If the Indication represents a single event, this property MUST be set to NULL. If the Indication represents multiple events over time, the EventCount property MUST be greater than 1 and this property MUST be less than or equal to the IndicationTime value. In this case, the Indication represents an event aggregate with the aggregate amplitude being the EventCount property. The time range or EventCount does not imply a threshold in and of itself, but a time or amplitude threshold MAY be used in determining how a Detector populates this property. | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.EventCount, CIM_SecurityIndication.IndicationTime | CIM_SecurityIndication

Property EventCount Qualifiers
Name | Type | Value | From Class
Description | string | The number of events represented by this Indication. If IndicationStartCountTime is not NULL, EventCount MUST be greater than 1 which means that the Indication represents an event aggregate. | CIM_SecurityIndication
Counter | boolean | true | CIM_SecurityIndication
MinValue | sint64 | 1 | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.IndicationStartCountTime | CIM_SecurityIndication

Property Effects Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_SecurityIndication
Description | string | An array of enumerated values that describes the effect(s) of an event from the Detector’s point of view. Some security devices such as simple packet filters may not be able to detect the notion of an event’s Effect. In these cases, the Effect is "Unknown". Although in many cases the Effect of an attack is intended, not all attacks have a known intent, such as viruses or other malicious code, which may have multiple varied Effects. If there is more than one Effect, the first element in the array SHOULD represent the most significant or most severe Effect, from the Detector’s point of view. The following values are defined: 0 - Unknown means the Effect of the event is purely unknown. 2 - Degradation. The message indicates that an attempt was made to damage or impair usability, performance, service availability, etc. 3 - Reconnaissance. The message indicates that there was an attempt to gather information useful for attacks, or probe for vulnerabilities without necessarily exploiting them. 4 - Access. The message indicates that access has been attempted or made to data or services. 5 - Integrity. The message indicates that there was an attempt to modify or delete data. 6 - System Compromised. The message indicates that an attacker succeeded in gaining complete access to the system. | CIM_SecurityIndication
ValueMap | string | [See below.] | CIM_SecurityIndication
Values | string | Unknown, DMTF Reserved, Degradation, Reconnaissance, Access, Integrity, System Compromised, Vendor Reserved | CIM_SecurityIndication
ArrayType | string | Indexed | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.MoreSpecificEffects | CIM_SecurityIndication

Name | Value
0 | Unknown
.. | DMTF Reserved
2 | Degradation
3 | Reconnaissance
4 | Access
5 | Integrity
6 | System Compromised
16000.. | Vendor Reserved

Property MoreSpecificEffects Qualifiers
Name | Type | Value | From Class
Description | string | If more details are known about the effect of an attack or probe, this property can contain that information. For example, if one of the values of Effects is Access, a more specific Effect might be HostCompromised. Or, if the Effect is Degradation, a more specific effect might be DistributedDoS. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. | CIM_SecurityIndication
ArrayType | string | Indexed | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.Effects, CIM_AlertIndication.OwningEntity | CIM_SecurityIndication

Property Mechanisms Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_SecurityIndication
Description | string | An array of integers indicating the method(s) used in an attack, probe, or other action. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: Parent - NetworkProtocol; Children - NetworkICMP, NetworkTCP, NetworkUDP, NetworkHTTP. Parent - Overloading; Children - Congestion, Saturation. Mechanisms values can be used with any of the Effects values, depending on the method(s) employed in an attack or probe. For example, a DoS attack using ICMP packets, Effects would contain Degradation, and Mechanisms would contain NetworkProtocol and NetworkICMP in that order. For a port scan, Effects contains Reconnaissance and Mechanisms would contain PortScan. | CIM_SecurityIndication
ValueMap | string | [See below.] | CIM_SecurityIndication
Values | string | Unknown, DMTF Reserved, ArpPoisoning, Backdoor, Rootkit, Trojan, BufferOverflow, GuessPassword, ReplayAttack, SQLInjection, SpoofIdentity, PortSweep, HostSweep, NetworkSweep, NetworkICMP, NetworkTCP, NetworkUDP, Worm, Virus, Non-viral Malicious, Spyware, Adware, Login, Logout, Application Exploitation, Script Injection, Stale-data Scan, Congestion, Saturation, Overloading, Port Scan, Network Protocol, Network HTTP, Phishing, Redirection, RemoteExecution, DataManipulation, Cross-site Scripting, Vendor Reserved | CIM_SecurityIndication
ArrayType | string | Indexed | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.MoreSpecificMechanisms | CIM_SecurityIndication

Name | Value
0 | Unknown
.. | DMTF Reserved
2 | ArpPoisoning
3 | Backdoor
4 | Rootkit
5 | Trojan
6 | BufferOverflow
7 | GuessPassword
8 | ReplayAttack
9 | SQLInjection
10 | SpoofIdentity
11 | PortSweep
12 | HostSweep
13 | NetworkSweep
14 | NetworkICMP
15 | NetworkTCP
16 | NetworkUDP
17 | Worm
18 | Virus
19 | Non-viral Malicious
20 | Spyware
21 | Adware
22 | Login
23 | Logout
24 | Application Exploitation
25 | Script Injection
26 | Stale-data Scan
27 | Congestion
28 | Saturation
29 | Overloading
30 | Port Scan
31 | Network Protocol
32 | Network HTTP
33 | Phishing
34 | Redirection
35 | RemoteExecution
36 | DataManipulation
37 | Cross-site Scripting
16000.. | Vendor Reserved

Property MoreSpecificMechanisms Qualifiers
Name | Type | Value | From Class
Description | string | Specifies a more specific mechanism based on a value specified in the Mechanisms property. For example, if one of the values of Mechanisms is Trojan, then a MoreSpecificMechanisms might be Connect for a trojan that opens a port and listens for connections. A different method might be Response if the trojan sends information. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. | CIM_SecurityIndication
ArrayType | string | Indexed | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.Mechanisms, CIM_AlertIndication.OwningEntity | CIM_SecurityIndication
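
An added example, not part of the schema page: a Python check of one received indication against the rules stated above for Required properties, AlertType, EventCount and IndicationStartCountTime, and the parent-before-child ordering of Mechanisms. The dict layout, the use of Python datetime objects for CIM datetime values, and reporting unnamed values below 16000 as DMTF Reserved are assumptions of this sketch.

```python
from datetime import datetime

# Value maps transcribed from the Effects and Mechanisms tables on this page.
EFFECTS = {0: "Unknown", 2: "Degradation", 3: "Reconnaissance", 4: "Access",
           5: "Integrity", 6: "System Compromised"}
MECHANISM_NAMES = [
    "Unknown", None, "ArpPoisoning", "Backdoor", "Rootkit", "Trojan",
    "BufferOverflow", "GuessPassword", "ReplayAttack", "SQLInjection",
    "SpoofIdentity", "PortSweep", "HostSweep", "NetworkSweep", "NetworkICMP",
    "NetworkTCP", "NetworkUDP", "Worm", "Virus", "Non-viral Malicious",
    "Spyware", "Adware", "Login", "Logout", "Application Exploitation",
    "Script Injection", "Stale-data Scan", "Congestion", "Saturation",
    "Overloading", "Port Scan", "Network Protocol", "Network HTTP", "Phishing",
    "Redirection", "RemoteExecution", "DataManipulation", "Cross-site Scripting",
]
MECHANISMS = {i: n for i, n in enumerate(MECHANISM_NAMES) if n is not None}
# Parent -> children, from the Mechanisms description.
MECHANISM_CHILDREN = {31: {14, 15, 16, 32}, 29: {27, 28}}
VENDOR_RESERVED_MIN = 16000
# Named (non-reserved) values per array property; Resources names 0 and 2..42.
KNOWN = {"Effects": set(EFFECTS), "Mechanisms": set(MECHANISMS),
         "Resources": {0, *range(2, 43)}}
# Properties carrying the Required qualifier in the Properties table.
REQUIRED = ("IndicationIdentifier", "AlertType", "MessageType", "IndicationTime",
            "Effects", "Mechanisms", "Resources", "PerceivedSeverity",
            "ProbableCause")


def decode(values, table):
    """Map enumerated integers to their names, labelling reserved ranges."""
    return [table.get(v, "Vendor Reserved" if v >= VENDOR_RESERVED_MIN
                      else "DMTF Reserved") for v in values]


def validate(ind):
    """Return a list of findings for one indication (empty list = conforms)."""
    findings = []
    for name in REQUIRED:
        if ind.get(name) is None:
            findings.append(f"{name}: Required property is NULL")
    if ind.get("AlertType") is not None and ind["AlertType"] != 8:
        findings.append("AlertType: must be 8 (Security Alert)")

    # Aggregation rules: a start time implies EventCount > 1 and start <= time.
    count = ind.get("EventCount")
    count = 1 if count is None else count  # the schema default is 1
    start, when = ind.get("IndicationStartCountTime"), ind.get("IndicationTime")
    if count < 1:
        findings.append("EventCount: below MinValue 1")
    if start is not None:
        if count <= 1:
            findings.append("EventCount: must be > 1 when "
                            "IndicationStartCountTime is set")
        if when is not None and start > when:
            findings.append("IndicationStartCountTime: later than IndicationTime")

    # Enumerated arrays: anything unnamed and below 16000 is reserved.
    for prop, known in KNOWN.items():
        for v in ind.get(prop) or []:
            if v not in known and v < VENDOR_RESERVED_MIN:
                findings.append(f"{prop}: {v} is in the DMTF Reserved range")

    # Hierarchy: when parent and child are both present, parent comes first.
    mech = ind.get("Mechanisms") or []
    for parent, children in MECHANISM_CHILDREN.items():
        if parent in mech:
            for child in sorted(children & set(mech)):
                if mech.index(child) < mech.index(parent):
                    findings.append(f"Mechanisms: child {MECHANISMS[child]} "
                                    f"precedes parent {MECHANISMS[parent]}")
    return findings


# Constructed sample: the ICMP DoS case from the Mechanisms description,
# reported as an aggregate of 250 events over one minute.
GOOD = {
    "IndicationIdentifier": "constructed-0001",
    "IndicationTime": datetime(2024, 1, 1, 12, 0, 0),
    "IndicationStartCountTime": datetime(2024, 1, 1, 11, 59, 0),
    "EventCount": 250,
    "AlertType": 8, "MessageType": 0,
    "Effects": [2], "Mechanisms": [31, 14], "Resources": [7],
    "PerceivedSeverity": 5, "ProbableCause": 63,
}
# Constructed sample that breaks four of the rules at once.
BAD = dict(GOOD, AlertType=2, Mechanisms=[14, 31, 1], EventCount=1,
           IndicationStartCountTime=datetime(2024, 1, 1, 12, 5, 0))

if __name__ == "__main__":
    print(decode(GOOD["Mechanisms"], MECHANISMS), validate(GOOD))
    for finding in validate(BAD):
        print(finding)
```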

Property Resources Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_SecurityIndication
Description | string | An integer indicating the type(s) of resource affected by an attack or probe. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: Parent - Remote Service; Children - Remote Share, Naming Service, DB, FTP, Mail, RPC, Web. Parent - Remote Share; Children - NFS, SMB, CIFS. Parent - Naming Service; Children - DNS, LDAP. Parent - Application; Children - Application Data, Application Configuration. Parent - OS; Children - OS Kernel, OS Configuration, OS Session, File System, Process, Service, User Account, Privileges, User Policy, Group, Registry, File. Parent - Network Device; Children - Firewall, Router, Switch. For example, DB indicates that an attack was made against a database server, where Mail indicates that some type of email server is affected. DB, DNS, and other values can mean a server or service, e.g. there is no distinction between a DNS server resource and a DNS service resource. Web means a web server/service but more specific resources of this type can be specified using the MoreSpecificResources property, e.g. IIS, Apache, iPlanet, etc. | CIM_SecurityIndication
ValueMap | string | [See below.] | CIM_SecurityIndication
Values | string | Unknown, DMTF Reserved, DB, DNS, FTP, Mail, Web, Host, Firewall, Registry, Network Device, Hardware, User Activity, Cookies, Network Data, Application Data, Application Configuration, OS Kernel, OS Configuration, OS Session, File System, Process, Service, Network Session, URL, User Account, Privileges, User Policy, Group, RPC, SNMP, Remote Service, Remote Share, Naming Service, Application, OS, NFS, SMB, CIFS, CPU, Router, Switch, LDAP, Vendor Reserved | CIM_SecurityIndication
ArrayType | string | Indexed | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.MoreSpecificResources | CIM_SecurityIndication

Name | Value
0 | Unknown
.. | DMTF Reserved
2 | DB
3 | DNS
4 | FTP
5 | Mail
6 | Web
7 | Host
8 | Firewall
9 | Registry
10 | Network Device
11 | Hardware
12 | User Activity
13 | Cookies
14 | Network Data
15 | Application Data
16 | Application Configuration
17 | OS Kernel
18 | OS Configuration
19 | OS Session
20 | File System
21 | Process
22 | Service
23 | Network Session
24 | URL
25 | User Account
26 | Privileges
27 | User Policy
28 | Group
29 | RPC
30 | SNMP
31 | Remote Service
32 | Remote Share
33 | Naming Service
34 | Application
35 | OS
36 | NFS
37 | SMB
38 | CIFS
39 | CPU
40 | Router
41 | Switch
42 | LDAP
16000.. | Vendor Reserved

Property MoreSpecificResources Qualifiers
Name | Type | Value | From Class
Description | string | Specifies a more specific resource based on a value specified in the Resources property. For example, if one of the values of Resources is Web, then a MoreSpecificResource might be Apache for an attack or probe against an Apache web server. String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values. | CIM_SecurityIndication
ArrayType | string | Indexed | CIM_SecurityIndication
ModelCorrespondence | string | CIM_SecurityIndication.Resources, CIM_AlertIndication.OwningEntity | CIM_SecurityIndication

Property Description Qualifiers
Name | Type | Value | From Class
Description | string | A short description of the Indication. | CIM_AlertIndication
MappingStrings | string | Recommendation.ITU|X733.Additional text | CIM_AlertIndication

Property AlertingManagedElement Qualifiers
Name | Type | Value | From Class
Description | string | The identifying information of the entity (i.e., the instance) for which this Indication is generated. The property contains the path of an instance, encoded as a string parameter - if the instance is modeled in the CIM Schema. If not a CIM instance, the property contains some identifying string that names the entity for which the Alert is generated. The path or identifying string is formatted per the AlertingElementFormat property. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.AlertingElementFormat | CIM_AlertIndication

Property AlertingElementFormat Qualifiers
Name | Type | Value | From Class
Description | string | The format of the AlertingManagedElement property is interpretable based upon the value of this property. Values are defined as: 0 - Unknown. The format is unknown or not meaningfully interpretable by a CIM client application. 1 - Other. The format is defined by the value of the OtherAlertingElementFormat property. 2 - CIMObjectPath. The format is a CIMObjectPath, with format <NamespacePath>:<ClassName>.<Prop1>="<Value1>", <Prop2>="<Value2>", ... specifying an instance in the CIM Schema. | CIM_AlertIndication
ValueMap | string | [See below.] | CIM_AlertIndication
Values | string | Unknown, Other, CIMObjectPath | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.AlertingManagedElement, CIM_AlertIndication.OtherAlertingElementFormat | CIM_AlertIndication

Name | Value
0 | Unknown
1 | Other
2 | CIMObjectPath

Property OtherAlertingElementFormat Qualifiers
Name | Type | Value | From Class
Description | string | A string defining "Other" values for AlertingElementFormat. This value MUST be set to a non NULL value when AlertingElementFormat is set to a value of 1 ("Other"). For all other values of AlertingElementFormat, the value of this string must be set to NULL. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.AlertingElementFormat | CIM_AlertIndication

Property AlertType Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_AlertIndication
Description | string | Primary classification of the Indication. The following values are defined: 1 - Other. The Indication’s OtherAlertType property conveys its classification. Use of "Other" in an enumeration is a standard CIM convention. It means that the current Indication does not fit into the categories described by this enumeration. 2 - Communications Alert. An Indication of this type is principally associated with the procedures and/or processes required to convey information from one point to another. 3 - Quality of Service Alert. An Indication of this type is principally associated with a degradation or errors in the performance or function of an entity. 4 - Processing Error. An Indication of this type is principally associated with a software or processing fault. 5 - Device Alert. An Indication of this type is principally associated with an equipment or hardware fault. 6 - Environmental Alert. An Indication of this type is principally associated with a condition relating to an enclosure in which the hardware resides, or other environmental considerations. 7 - Model Change. The Indication addresses changes in the Information Model. For example, it may embed a Lifecycle Indication to convey the specific model change being alerted. 8 - Security Alert. An Indication of this type is associated with security violations, detection of viruses, and similar issues. | CIM_AlertIndication
ValueMap | string | [See below.] | CIM_AlertIndication
Values | string | Other, Communications Alert, Quality of Service Alert, Processing Error, Device Alert, Environmental Alert, Model Change, Security Alert | CIM_AlertIndication
MappingStrings | string | Recommendation.ITU|X733.Event type | CIM_AlertIndication

Name | Value
1 | Other
2 | Communications Alert
3 | Quality of Service Alert
4 | Processing Error
5 | Device Alert
6 | Environmental Alert
7 | Model Change
8 | Security Alert

Property OtherAlertType Qualifiers
Name | Type | Value | From Class
Description | string | A string describing the Alert type - used when the AlertType property is set to 1, "Other State Change". | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.AlertType | CIM_AlertIndication

Property PerceivedSeverity Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_AlertIndication
Override | string | PerceivedSeverity | CIM_AlertIndication
Description | string | An enumerated value that describes the severity of the Alert Indication from the notifier’s point of view: 1 - Other, by CIM convention, is used to indicate that the Severity’s value can be found in the OtherSeverity property. 3 - Degraded/Warning should be used when it’s appropriate to let the user decide if action is needed. 4 - Minor should be used to indicate action is needed, but the situation is not serious at this time. 5 - Major should be used to indicate action is needed NOW. 6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result). 7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it’s too late to take remedial action. 2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the AlertIndication is purely informational or its severity is simply unknown. | CIM_AlertIndication
ValueMap | string | [See below.] | CIM_AlertIndication
Values | string | Unknown, Other, Information, Degraded/Warning, Minor, Major, Critical, Fatal/NonRecoverable | CIM_AlertIndication
MappingStrings | string | Recommendation.ITU|X733.Perceived severity | CIM_AlertIndication

Name | Value
0 | Unknown
1 | Other
2 | Information
3 | Degraded/Warning
4 | Minor
5 | Major
6 | Critical
7 | Fatal/NonRecoverable

Property ProbableCause Qualifiers
Name | Type | Value | From Class
Required | boolean | true | CIM_AlertIndication
Description | string | An enumerated value that describes the probable cause of the situation which resulted in the AlertIndication. | CIM_AlertIndication
ValueMap | string | [See below.] | CIM_AlertIndication
Values | string | Unknown, Other, Adapter/Card Error, Application Subsystem Failure, Bandwidth Reduced, Connection Establishment Error, Communications Protocol Error, Communications Subsystem Failure, Configuration/Customization Error, Congestion, Corrupt Data, CPU Cycles Limit Exceeded, Dataset/Modem Error, Degraded Signal, DTE-DCE Interface Error, Enclosure Door Open, Equipment Malfunction, Excessive Vibration, File Format Error, Fire Detected, Flood Detected, Framing Error, HVAC Problem, Humidity Unacceptable, I/O Device Error, Input Device Error, LAN Error, Non-Toxic Leak Detected, Local Node Transmission Error, Loss of Frame, Loss of Signal, Material Supply Exhausted, Multiplexer Problem, Out of Memory, Output Device Error, Performance Degraded, Power Problem, Pressure Unacceptable, Processor Problem (Internal Machine Error), Pump Failure, Queue Size Exceeded, Receive Failure, Receiver Failure, Remote Node Transmission Error, Resource at or Nearing Capacity, Response Time Excessive, Retransmission Rate Excessive, Software Error, Software Program Abnormally Terminated, Software Program Error (Incorrect Results), Storage Capacity Problem, Temperature Unacceptable, Threshold Crossed, Timing Problem, Toxic Leak Detected, Transmit Failure, Transmitter Failure, Underlying Resource Unavailable, Version MisMatch, Previous Alert Cleared, Login Attempts Failed, Software Virus Detected, Hardware Security Breached, Denial of Service Detected, Security Credential MisMatch, Unauthorized Access, Alarm Received, Loss of Pointer, Payload Mismatch, Transmission Error, Excessive Error Rate, Trace Problem, Element Unavailable, Element Missing, Loss of Multi Frame, Broadcast Channel Failure, Invalid Message Received, Routing Failure, Backplane Failure, Identifier Duplication, Protection Path Failure, Sync Loss or Mismatch, Terminal Problem, Real Time Clock Failure, Antenna Failure, Battery Charging Failure, Disk Failure, Frequency Hopping Failure, Loss of Redundancy, Power Supply Failure, Signal Quality Problem, Battery Discharging, Battery Failure, Commercial Power Problem, Fan Failure, Engine Failure, Sensor Failure, Fuse Failure, Generator Failure, Low Battery, Low Fuel, Low Water, Explosive Gas, High Winds, Ice Buildup, Smoke, Memory Mismatch, Out of CPU Cycles, Software Environment Problem, Software Download Failure, Element Reinitialized, Timeout, Logging Problems, Leak Detected, Protection Mechanism Failure, Protecting Resource Failure, Database Inconsistency, Authentication Failure, Breach of Confidentiality, Cable Tamper, Delayed Information, Duplicate Information, Information Missing, Information Modification, Information Out of Sequence, Key Expired, Non-Repudiation Failure, Out of Hours Activity, Out of Service, Procedural Error, Unexpected Information | CIM_AlertIndication
MappingStrings | string | Recommendation.ITU|X733.Probable cause, Recommendation.ITU|M3100.probableCause, ITU-IANA-ALARM-TC | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.ProbableCauseDescription, CIM_AlertIndication.EventID, CIM_AlertIndication.EventTime | CIM_AlertIndication

Name | Value
0 | Unknown
1 | Other
2 | Adapter/Card Error
3 | Application Subsystem Failure
4 | Bandwidth Reduced
5 | Connection Establishment Error
6 | Communications Protocol Error
7 | Communications Subsystem Failure
8 | Configuration/Customization Error
9 | Congestion
10 | Corrupt Data
11 | CPU Cycles Limit Exceeded
12 | Dataset/Modem Error
13 | Degraded Signal
14 | DTE-DCE Interface Error
15 | Enclosure Door Open
16 | Equipment Malfunction
17 | Excessive Vibration
18 | File Format Error
19 | Fire Detected
20 | Flood Detected
21 | Framing Error
22 | HVAC Problem
23 | Humidity Unacceptable
24 | I/O Device Error
25 | Input Device Error
26 | LAN Error
27 | Non-Toxic Leak Detected
28 | Local Node Transmission Error
29 | Loss of Frame
30 | Loss of Signal
31 | Material Supply Exhausted
32 | Multiplexer Problem
33 | Out of Memory
34 | Output Device Error
35 | Performance Degraded
36 | Power Problem
37 | Pressure Unacceptable
38 | Processor Problem (Internal Machine Error)
39 | Pump Failure
40 | Queue Size Exceeded
41 | Receive Failure
42 | Receiver Failure
43 | Remote Node Transmission Error
44 | Resource at or Nearing Capacity
45 | Response Time Excessive
46 | Retransmission Rate Excessive
47 | Software Error
48 | Software Program Abnormally Terminated
49 | Software Program Error (Incorrect Results)
50 | Storage Capacity Problem
51 | Temperature Unacceptable
52 | Threshold Crossed
53 | Timing Problem
54 | Toxic Leak Detected
55 | Transmit Failure
56 | Transmitter Failure
57 | Underlying Resource Unavailable
58 | Version MisMatch
59 | Previous Alert Cleared
60 | Login Attempts Failed
61 | Software Virus Detected
62 | Hardware Security Breached
63 | Denial of Service Detected
64 | Security Credential MisMatch
65 | Unauthorized Access
66 | Alarm Received
67 | Loss of Pointer
68 | Payload Mismatch
69 | Transmission Error
70 | Excessive Error Rate
71 | Trace Problem
72 | Element Unavailable
73 | Element Missing
74 | Loss of Multi Frame
75 | Broadcast Channel Failure
76 | Invalid Message Received
77 | Routing Failure
78 | Backplane Failure
79 | Identifier Duplication
80 | Protection Path Failure
81 | Sync Loss or Mismatch
82 | Terminal Problem
83 | Real Time Clock Failure
84 | Antenna Failure
85 | Battery Charging Failure
86 | Disk Failure
87 | Frequency Hopping Failure
88 | Loss of Redundancy
89 | Power Supply Failure
90 | Signal Quality Problem
91 | Battery Discharging
92 | Battery Failure
93 | Commercial Power Problem
94 | Fan Failure
95 | Engine Failure
96 | Sensor Failure
97 | Fuse Failure
98 | Generator Failure
99 | Low Battery
100 | Low Fuel
101 | Low Water
102 | Explosive Gas
103 | High Winds
104 | Ice Buildup
105 | Smoke
106 | Memory Mismatch
107 | Out of CPU Cycles
108 | Software Environment Problem
109 | Software Download Failure
110 | Element Reinitialized
111 | Timeout
112 | Logging Problems
113 | Leak Detected
114 | Protection Mechanism Failure
115 | Protecting Resource Failure
116 | Database Inconsistency
117 | Authentication Failure
118 | Breach of Confidentiality
119 | Cable Tamper
120 | Delayed Information
121 | Duplicate Information
122 | Information Missing
123 | Information Modification
124 | Information Out of Sequence
125 | Key Expired
126 | Non-Repudiation Failure
127 | Out of Hours Activity
128 | Out of Service
129 | Procedural Error
130 | Unexpected Information

Property ProbableCauseDescription Qualifiers
Name | Type | Value | From Class
Description | string | Provides additional information related to the ProbableCause. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.ProbableCause | CIM_AlertIndication

Property Trending Qualifiers
Name | Type | Value | From Class
Description | string | Provides information on trending - trending up, down or no change. | CIM_AlertIndication
ValueMap | string | [See below.] | CIM_AlertIndication
Values | string | Unknown, Not Applicable, Trending Up, Trending Down, No Change | CIM_AlertIndication
MappingStrings | string | Recommendation.ITU|X733.TrendIndication | CIM_AlertIndication

NameValue
0Unknown
1Not Applicable
2Trending Up
3Trending Down
4No Change
Property RecommendedActions Qualifiers
NameTypeValueFrom Class
DescriptionstringFree form descriptions of the recommended actions to take to resolve the cause of the notification. CIM_AlertIndication
MappingStringsstringRecommendation.ITU|X733.Proposed repair actions CIM_AlertIndication

Property EventID Qualifiers
Name | Type | Value | From Class
Description | string | An instrumentation or provider specific value that describes the underlying "real-world" event represented by the Indication. Two Indications with the same, non NULL EventID value are considered, by the creating entity, to represent the same event. The comparison of two EventID values is only defined for Alert Indications with identical, non NULL values of SystemCreateClassName, SystemName and ProviderName. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.ProbableCause | CIM_AlertIndication
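
The EventID comparison rule above, as an added example that is not part of the CIM schema: a consumer groups indications into events only when EventID and all three scoping properties are identical and non-NULL. The dictionaries are constructed sample data, the function names are hypothetical, and the code uses the property name SystemCreationClassName as declared on this page.

```python
from collections import OrderedDict

# Properties that scope an EventID comparison, per the EventID description.
SCOPE_PROPS = ("SystemCreationClassName", "SystemName", "ProviderName")


def event_key(indication):
    """Return a hashable key for the underlying event, or None when the
    EventID comparison is undefined for this indication."""
    values = [indication.get(p) for p in SCOPE_PROPS + ("EventID",)]
    if any(v is None for v in values):
        return None  # NULL scope property or NULL EventID: not comparable
    return tuple(values)


def group_by_event(indications):
    """Group IndicationIdentifiers that the creating entity marks as the
    same event. Indications with an undefined key are never merged."""
    groups = OrderedDict()
    for n, ind in enumerate(indications):
        key = event_key(ind)
        if key is None:
            key = ("uncomparable", n)  # unique 2-tuple, cannot equal a 4-tuple key
        groups.setdefault(key, []).append(ind["IndicationIdentifier"])
    return list(groups.values())


def _ind(ident, system, provider, event_id):
    # Helper for the constructed samples below (hypothetical values).
    return {"IndicationIdentifier": ident,
            "SystemCreationClassName": "CIM_ComputerSystem",
            "SystemName": system, "ProviderName": provider,
            "EventID": event_id}


# Constructed sample indications, not real detector output.
SAMPLE = [
    _ind("a1", "fw01", "ids-provider", "4711"),
    _ind("a2", "fw01", "ids-provider", "4711"),  # same scope, same EventID
    _ind("a3", "fw02", "ids-provider", "4711"),  # different SystemName
    _ind("a4", "fw01", "ids-provider", None),    # NULL EventID
    _ind("a5", "fw01", None, "4711"),            # NULL ProviderName
    _ind("a6", "fw01", None, "4711"),            # NULL never matches NULL
]

if __name__ == "__main__":
    for group in group_by_event(SAMPLE):
        print(group)
```

Only a1 and a2 collapse into one event; a matching EventID from a different system, or from a source with a NULL scoping property, stays a separate event.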

Property EventTime Qualifiers
Name | Type | Value | From Class
Description | string | The time and date the underlying event was first detected. If specified, this property MUST be set to NULL if the creating entity is not capable of providing this information. This value is based on the notion of local date and time of the Managed System Element generating the Indication. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.ProbableCause | CIM_AlertIndication

Property SystemCreationClassName Qualifiers
Name | Type | Value | From Class
Description | string | The scoping System’s CreationClassName for the Provider generating this Indication. | CIM_AlertIndication
MaxLen | uint32 | 256 | CIM_AlertIndication

Property SystemName Qualifiers
Name | Type | Value | From Class
Description | string | The scoping System’s Name for the Provider generating this Indication. | CIM_AlertIndication
MaxLen | uint32 | 256 | CIM_AlertIndication

Property ProviderName Qualifiers
Name | Type | Value | From Class
Description | string | The name of the Provider generating this Indication. | CIM_AlertIndication
MaxLen | uint32 | 256 | CIM_AlertIndication

Property OwningEntity Qualifiers
Name | Type | Value | From Class
Description | string | A string that uniquely identifies the entity that owns the definition of the format of the Message described in this instance. OwningEntity MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity or standards body defining the format. | CIM_AlertIndication

Property MessageID Qualifiers
Name | Type | Value | From Class
Description | string | A string that uniquely identifies, within the scope of the OwningEntity, the format of the Message. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.Message, CIM_AlertIndication.MessageArguments | CIM_AlertIndication

Property Message Qualifiers
Name | Type | Value | From Class
Description | string | The formatted message. This message is constructed by applying the dynamic content of the message, described in MessageArguments, to the format string uniquely identified, within the scope of the OwningEntity, by MessageID. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.MessageID, CIM_AlertIndication.MessageArguments | CIM_AlertIndication

Property MessageArguments Qualifiers
Name | Type | Value | From Class
Description | string | An array containing the dynamic content of the message. | CIM_AlertIndication
ModelCorrespondence | string | CIM_AlertIndication.Message, CIM_AlertIndication.MessageID | CIM_AlertIndication

Property IndicationIdentifier Qualifiers
Name | Type | Value | From Class
Description | string | An identifier for the Indication. This property is similar to a key value in that it can be used for identification, when correlating Indications (see the CorrelatedIndications array). Its value SHOULD be unique as long as Alert correlations are reported, but MAY be reused or left NULL if no future Indications will reference it in their CorrelatedIndications array. | CIM_Indication
MappingStrings | string | Recommendation.ITU|X733.Notification identifier | CIM_Indication

Property CorrelatedIndications Qualifiers
Name | Type | Value | From Class
Description | string | A list of IndicationIdentifiers whose notifications are correlated with (related to) this one. | CIM_Indication
MappingStrings | string | Recommendation.ITU|X733.Correlated notifications | CIM_Indication

Property IndicationTime Qualifiers
Name | Type | Value | From Class
Description | string | The time and date of creation of the Indication. The property may be set to NULL if the entity creating the Indication is not capable of determining this information. Note that IndicationTime may be the same for two Indications that are generated in rapid succession. | CIM_Indication

Property PerceivedSeverity Qualifiers
Name | Type | Value | From Class
Description | string | An enumerated value that describes the severity of the Indication from the notifier’s point of view: 1 - Other, by CIM convention, is used to indicate that the Severity’s value can be found in the OtherSeverity property. 3 - Degraded/Warning should be used when it’s appropriate to let the user decide if action is needed. 4 - Minor should be used to indicate action is needed, but the situation is not serious at this time. 5 - Major should be used to indicate action is needed NOW. 6 - Critical should be used to indicate action is needed NOW and the scope is broad (perhaps an imminent outage to a critical resource will result). 7 - Fatal/NonRecoverable should be used to indicate an error occurred, but it’s too late to take remedial action. 2 and 0 - Information and Unknown (respectively) follow common usage. Literally, the Indication is purely informational or its severity is simply unknown. | CIM_Indication
ValueMap | string | [See below.] | CIM_Indication
Values | string | Unknown, Other, Information, Degraded/Warning, Minor, Major, Critical, Fatal/NonRecoverable | CIM_Indication
MappingStrings | string | Recommendation.ITU|X733.Perceived severity | CIM_Indication

Name | Value
0 | Unknown
1 | Other
2 | Information
3 | Degraded/Warning
4 | Minor
5 | Major
6 | Critical
7 | Fatal/NonRecoverable

Property OtherSeverity Qualifiers
Name | Type | Value | From Class
Description | string | Holds the value of the user defined severity value when 'PerceivedSeverity' is 1 ("Other"). | CIM_Indication
ModelCorrespondence | string | CIM_AlertIndication.PerceivedSeverity | CIM_Indication

Methods

Method Qualifiers

Parameters

Parameter Qualifiers

Associations this class can participate in