cim-schema-docs-2.22.0-2.fc12.noarch.rpm

<html>
<head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="mof.css" xmlns:lxslt="http://xml.apache.org/xslt">
<title>DMTF Schema Documentation</title>
</head>
<body bgcolor="White">
<hr> 
</hr>
<a name="CIM_SecurityIndication"></a>
<H1>Class CIM_SecurityIndication<BR>extends <a href="CIM_AlertIndication.html">CIM_AlertIndication</a>
</H1>SecurityIndication provides a common superclass for the CIM Security Events schema. SecurityIndications are messages produced by Detectors that watch for and report on events that have security implications. Detectors may include, but are not limited to intrusion detection systems, antivirus scanners, firewalls, vulnerability scanners, or operating system sentries and subsystems. 
Although often due to attacks or probes, security events can also reflect normal activity, such as host or network login, firewall connections, etc. Messages include information about the Effect of the event, the Mechanism or method by which the event occurred, and the Resource affected by the event. 
Properties from the base class CIM_Indication that MUST be populated are: IndicationIdentifier and IndicationTime. A property from the superclass CIM_AlertIndication that MUST be populated is: AlertType which MUST be set to "Security". EventID, ProviderName and AlertingManagedElement in some combination SHOULD be populated in a way that identifies the device type and its source in an unambiguous way from the Detector's point of view.<h3>
					Table of Contents<br>
<a href="#c_hierarchy">Hierarchy</a>
<br>
<a href="#c_subclasses">Direct Known Subclasses</a>
<br>
<a href="#c_qualifiers">Class Qualifiers</a>
<br>
<a href="#c_properties">Class Properties</a>
<br>
<a href="#c_methods">Class Methods</a>
<br>
</h3>
<hr> 
</hr>
<H2>
<a name="c_hierarchy">Class Hierarchy</a>
</H2>
<a href="CIM_Indication.html">CIM_Indication</a>
<br data="@NAME"> &nbsp;   &nbsp;|<br> &nbsp;  &nbsp;+--<a href="CIM_ProcessIndication.html">CIM_ProcessIndication</a>
<br data="@NAME"> &nbsp;   &nbsp;|<br> &nbsp;  &nbsp;+--<a href="CIM_AlertIndication.html">CIM_AlertIndication</a>
<br data="@NAME"> &nbsp;   &nbsp;|<br> &nbsp;  &nbsp;+--<b>CIM_SecurityIndication</b>
<br data="CIM_SecurityIndication -- CIM_AlertIndication">
<H2>
<a name="c_subclasses">Direct Known Subclasses</a>
</H2>
<a href="CIM_IPNetworkSecurityIndication.html">CIM_IPNetworkSecurityIndication</a>
<BR>
<H2>
<a name="c_qualifiers">Class Qualifiers</a>
</H2>
<TABLE BORDER="1" CELLPADDING="1" WIDTH="100%">
<TR>
<TH>Name</TH><TH>Data Type</TH><TH>Value</TH>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">SecurityIndication provides a common superclass for the CIM Security Events schema. SecurityIndications are messages produced by Detectors that watch for and report on events that have security implications. Detectors may include, but are not limited to intrusion detection systems, antivirus scanners, firewalls, vulnerability scanners, or operating system sentries and subsystems. 
Although often due to attacks or probes, security events can also reflect normal activity, such as host or network login, firewall connections, etc. Messages include information about the Effect of the event, the Mechanism or method by which the event occurred, and the Resource affected by the event. 
Properties from the base class CIM_Indication that MUST be populated are: IndicationIdentifier and IndicationTime. A property from the superclass CIM_AlertIndication that MUST be populated is: AlertType which MUST be set to "Security". EventID, ProviderName and AlertingManagedElement in some combination SHOULD be populated in a way that identifies the device type and its source in an unambiguous way from the Detector's point of view.</TD>
</TR>
<TR>
<TD VALIGN="TOP">Experimental</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">Indication</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">UMLPackagePath</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM::Event</TD>
</TR>
<TR>
<TD VALIGN="TOP">Version</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">2.10.0</TD>
</TR>
</TABLE>
<H2>
<a name="c_properties">Class Properties</a>
</H2>
<H3>Local Class Properties</H3>
<TABLE WIDTH="100%" CELLPADDING="1" BORDER="1">
<TR>
<TH ROWSPAN="2"><B>Name</B></TH><TH ROWSPAN="2"><B>Data Type</B></TH><TH ROWSPAN="2"><B>Default Value</B></TH><TH COLSPAN="3"><B>Qualifiers</B></TH>
</TR>
<TR>
<TH>Name</TH><TH>Data Type</TH><TH>Value</TH>
</TR>
<TR>
<TH ROWSPAN="7" VALIGN="TOP">AlertType</TH><TD ROWSPAN="7" VALIGN="TOP">uint16</TD><TD ROWSPAN="7" VALIGN="TOP">8</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Primary classification of the Indication. The following value is the only value permitted from AlertIndication: 
8 - Security Alert. An Indication of this type is associated with security violations, detection of viruses, and similar issues.</TD>
</TR>
<TR>
<TD VALIGN="TOP">MappingStrings</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Recommendation.ITU|X733.Event type</TD>
</TR>
<TR>
<TD VALIGN="TOP">Override</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">AlertType</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">ValueMap</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">8</TD>
</TR>
<TR>
<TD VALIGN="TOP">Values</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Security Alert</TD>
</TR>
<TR>
<TH ROWSPAN="5" VALIGN="TOP">EventCount</TH><TD ROWSPAN="5" VALIGN="TOP">uint16</TD><TD ROWSPAN="5" VALIGN="TOP">1</TD>
</TR>
<TR>
<TD VALIGN="TOP">Counter</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">The number of events represented by this Indication. If IndicationStartCountTime is not NULL, EventCount MUST be greater than 1 which means that the Indication represents an event aggregate.</TD>
</TR>
<TR>
<TD VALIGN="TOP">MinValue</TD><TD VALIGN="TOP">sint64</TD><TD VALIGN="TOP">1</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.IndicationStartCountTime</TD>
</TR>
<TR>
<TH ROWSPAN="5" VALIGN="TOP">IndicationIdentifier</TH><TD ROWSPAN="5" VALIGN="TOP">string</TD><TD ROWSPAN="5" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">An identifier for the Indication. This property is similar to a key value in that it can be used for identification, when correlating Indications (see the CorrelatedIndications array). Its value SHOULD be unique as long as Alert correlations are reported, but MAY be reused or left NULL if no future Indications will reference it in their CorrelatedIndications array.</TD>
</TR>
<TR>
<TD VALIGN="TOP">MappingStrings</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Recommendation.ITU|X733.Notification identifier</TD>
</TR>
<TR>
<TD VALIGN="TOP">Override</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">IndicationIdentifier</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TH ROWSPAN="3" VALIGN="TOP">IndicationStartCountTime</TH><TD ROWSPAN="3" VALIGN="TOP">datetime</TD><TD ROWSPAN="3" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">The start time and date of a range of events represented by the Indication whose current event time is specified by IndicationTime. If the Indication represents a single event, this property MUST be set to NULL. If the Indication represents multiple events over time, the EventCount property MUST be greater than 1 and this property MUST be less than or equal to the IndicationTime value. In this case, the Indication represents an event aggregate with the aggregate amplitude being the EventCount property. The time range or EventCount does not imply a threshold in and of itself, but a time or amplitude threshold MAY be used in determining how a Detector populates this property.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.EventCount, CIM_SecurityIndication.IndicationTime</TD>
</TR>
<TR>
<TH ROWSPAN="5" VALIGN="TOP">IndicationTime</TH><TD ROWSPAN="5" VALIGN="TOP">datetime</TD><TD ROWSPAN="5" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">The time and date of creation of the Indication. The property may be set to NULL if the entity creating the Indication is not capable of determining this information. Note that IndicationTime may be the same for two Indications that are generated in rapid succession.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.IndicationStartCountTime</TD>
</TR>
<TR>
<TD VALIGN="TOP">Override</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">IndicationTime</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TH ROWSPAN="5" VALIGN="TOP">MessageType</TH><TD ROWSPAN="5" VALIGN="TOP">uint16</TD><TD ROWSPAN="5" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">MessageType is an identifier distinguishing the instance of a SecurityIndication semantically. Instances of this class or its subclasses have different meaning depending upon the value of MessageType. For example, overrides of this property in subclasses can define new MessageTypes, such as "Virus Found" or "Vulnerability Detected". A range of values, DMTF_Reserved, and Vendor Reserved, has been defined that allows subclasses to override and define their specific event message types. 
Note that MessageType does not correspond to the CIM_AlertIndication "Message" property, which holds a formatted string for general AlertIndications. CIM_AlertIndication.Message MAY be used to contain message text sent by the Detector, but in addition to, rather than in lieu of SecurityIndication specific properties.</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">ValueMap</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">0, .., 2, 16000..</TD>
</TR>
<TR>
<TD VALIGN="TOP">Values</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Unknown, DMTF Reserved, Not Applicable, Vendor Reserved</TD>
</TR>
<TR>
<TH ROWSPAN="7" VALIGN="TOP">Effects</TH><TD ROWSPAN="7" VALIGN="TOP">uint16[]</TD><TD ROWSPAN="7" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">ArrayType</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Indexed</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">An array of enumerated values that describes the effect(s) of an event from the Detector's point of view. Some security devices such as simple packet filters may not be able to detect the notion of an event's Effect. In these cases, the Effect is "Unknown". Although in many cases the Effect of an attack is intended, not all attacks have a known intent, such as viruses or other malicious code, which may have multiple varied Effects. If there is more than one Effect, the first element in the array SHOULD represent the most significant or most severe Effect, from the Detector's point of view. The following values are defined: 
0 - Unknown means the Effect of the event is purely unknown. 
2 - Degradation. The message indicates that an attempt was made to damage or impair usability, performance, service availability, etc. 
3 - Reconnaissance. The message indicates that there was an attempt to gather information useful for attacks, or probe for vulnerabilities without necessarily exploiting them. 
4 - Access. The message indicates that access has been attempted or made to data or services. 
5 - Integrity. The message indicates that there was an attempt to modify or delete data. 
6 - System Compromised. The message indicates that an attacker succeeded in gaining complete access to the system.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.MoreSpecificEffects</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">ValueMap</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">0, .., 2, 3, 4, 5, 6, 16000..</TD>
</TR>
<TR>
<TD VALIGN="TOP">Values</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Unknown, DMTF Reserved, Degradation, Reconnaissance, Access, Integrity, System Compromised, Vendor Reserved</TD>
</TR>
<TR>
<TH ROWSPAN="7" VALIGN="TOP">Mechanisms</TH><TD ROWSPAN="7" VALIGN="TOP">uint16[]</TD><TD ROWSPAN="7" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">ArrayType</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Indexed</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">An array of integers indicating the method(s) used in an attack, probe, or other action. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: 

Parent - NetworkProtocol 
Children - NetworkICMP, NetworkTCP, NetworkUDP, NetworkHTTP 

Parent - Overloading 
Children - Congestion, Saturation 

Mechanisms values can be used with any of the Effects values, depending on the method(s) employed in an attack or probe. For example, for a DoS attack using ICMP packets, Effects would contain Degradation, and Mechanisms would contain NetworkProtocol and NetworkICMP in that order. For a port scan, Effects would contain Reconnaissance and Mechanisms would contain PortScan.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.MoreSpecificMechanisms</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">ValueMap</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">0, .., 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 16000..</TD>
</TR>
<TR>
<TD VALIGN="TOP">Values</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Unknown, DMTF Reserved, ArpPoisoning, Backdoor, Rootkit, Trojan, BufferOverflow, GuessPassword, ReplayAttack, SQLInjection, SpoofIdentity, PortSweep, HostSweep, NetworkSweep, NetworkICMP, NetworkTCP, NetworkUDP, Worm, Virus, Non-viral Malicious, Spyware, Adware, Login, Logout, Application Exploitation, Script Injection, Stale-data Scan, Congestion, Saturation, Overloading, Port Scan, Network Protocol, Network HTTP, Phishing, Redirection, RemoteExecution, DataManipulation, Cross-site Scripting, Vendor Reserved</TD>
</TR>
<TR>
<TH ROWSPAN="4" VALIGN="TOP">MoreSpecificEffects</TH><TD ROWSPAN="4" VALIGN="TOP">string[]</TD><TD ROWSPAN="4" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">ArrayType</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Indexed</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">If more details are known about the effect of an attack or probe, this property can contain that information. For example, if one of the values of Effects is Access, a more specific Effect might be HostCompromised. Or, if the Effect is Degradation, a more specific effect might be DistributedDoS. 
String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.Effects, CIM_AlertIndication.OwningEntity</TD>
</TR>
<TR>
<TH ROWSPAN="4" VALIGN="TOP">MoreSpecificMechanisms</TH><TD ROWSPAN="4" VALIGN="TOP">string[]</TD><TD ROWSPAN="4" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">ArrayType</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Indexed</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Specifies a more specific mechanism based on a value specified in the Mechanisms property. For example, if one of the values of Mechanisms is Trojan, then a MoreSpecificMechanisms might be Connect for a trojan that opens a port and listens for connections. A different method might be Response if the trojan sends information. 
String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.Mechanisms, CIM_AlertIndication.OwningEntity</TD>
</TR>
<TR>
<TH ROWSPAN="4" VALIGN="TOP">MoreSpecificResources</TH><TD ROWSPAN="4" VALIGN="TOP">string[]</TD><TD ROWSPAN="4" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">ArrayType</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Indexed</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Specifies a more specific resource based on a value specified in the Resources property. For example, if one of the values of Resources is Web, then a MoreSpecificResource might be Apache for an attack or probe against an Apache web server. 
String values for this property are vendor or Detector specific and as such, the property CIM_AlertIndication.OwningEntity SHOULD be populated to identify the business entity or standards body defining the possible values.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.Resources, CIM_AlertIndication.OwningEntity</TD>
</TR>
<TR>
<TH ROWSPAN="7" VALIGN="TOP">Resources</TH><TD ROWSPAN="7" VALIGN="TOP">uint16[]</TD><TD ROWSPAN="7" VALIGN="TOP"></TD>
</TR>
<TR>
<TD VALIGN="TOP">ArrayType</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Indexed</TD>
</TR>
<TR>
<TD VALIGN="TOP">Description</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">An array of integers indicating the type(s) of resource affected by an attack or probe. When more than one value is used there MAY be a parent/child or hierarchical relationship between values where the more general or parent value is at the lowest index and the more specific or child value(s) are at increasing indices. Values with a parent/child relationship are: 

Parent - Remote Service 
Children - Remote Share, Naming Service, DB, FTP, Mail, RPC, Web 

Parent - Remote Share 
Children - NFS, SMB, CIFS 

Parent - Naming Service 
Children - DNS, LDAP 

Parent - Application 
Children - Application Data, Application Configuration 

Parent - OS 
Children - OS Kernel, OS Configuration, OS Session, File System, Process, Service, User Account, Privileges, User Policy, Group, Registry, File 

Parent - Network Device 
Children - Firewall, Router, Switch 

For example, DB indicates that an attack was made against a database server, where Mail indicates that some type of email server is affected. DB, DNS, and other values can mean a server or service, e.g. there is no distinction between a DNS server resource and a DNS service resource. Web means a web server/service but more specific resources of this type can be specified using the MoreSpecificResources property, e.g. IIS, Apache, iPlanet, etc.</TD>
</TR>
<TR>
<TD VALIGN="TOP">ModelCorrespondence</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">CIM_SecurityIndication.MoreSpecificResources</TD>
</TR>
<TR>
<TD VALIGN="TOP">Required</TD><TD VALIGN="TOP">boolean</TD><TD VALIGN="TOP">true</TD>
</TR>
<TR>
<TD VALIGN="TOP">ValueMap</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">0, .., 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 16000..</TD>
</TR>
<TR>
<TD VALIGN="TOP">Values</TD><TD VALIGN="TOP">string</TD><TD VALIGN="TOP">Unknown, DMTF Reserved, DB, DNS, FTP, Mail, Web, Host, Firewall, Registry, Network Device, Hardware, User Activity, Cookies, Network Data, Application Data, Application Configuration, OS Kernel, OS Configuration, OS Session, File System, Process, Service, Network Session, URL, User Account, Privileges, User Policy, Group, RPC, SNMP, Remote Service, Remote Share, Naming Service, Application, OS, NFS, SMB, CIFS, CPU, Router, Switch, LDAP, Vendor Reserved</TD>
</TR>
</TABLE>
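<p>Added example, not part of the DMTF schema documentation: a consumer-side check that decodes the Effects and Mechanisms ValueMap/Values pairs listed above and applies the AlertType, EventCount, IndicationStartCountTime and parent/child ordering rules to one indication. The dict layout, the use of Python datetime objects in place of CIM datetime strings, and the names build_decoder and validate are assumptions of this example.</p>

```python
from datetime import datetime

# ValueMap / Values qualifier strings as listed for Effects and Mechanisms above.
EFFECTS = ("0, .., 2, 3, 4, 5, 6, 16000..",
           "Unknown, DMTF Reserved, Degradation, Reconnaissance, Access, "
           "Integrity, System Compromised, Vendor Reserved")
MECHANISMS = (
    # Same entries as the page's ValueMap: 0, .., 2 through 37, 16000..
    "0, .., " + ", ".join(map(str, range(2, 38))) + ", 16000..",
    "Unknown, DMTF Reserved, ArpPoisoning, Backdoor, Rootkit, Trojan, "
    "BufferOverflow, GuessPassword, ReplayAttack, SQLInjection, SpoofIdentity, "
    "PortSweep, HostSweep, NetworkSweep, NetworkICMP, NetworkTCP, NetworkUDP, "
    "Worm, Virus, Non-viral Malicious, Spyware, Adware, Login, Logout, "
    "Application Exploitation, Script Injection, Stale-data Scan, Congestion, "
    "Saturation, Overloading, Port Scan, Network Protocol, Network HTTP, "
    "Phishing, Redirection, RemoteExecution, DataManipulation, "
    "Cross-site Scripting, Vendor Reserved")
# Parent/child pairs from the Mechanisms description, using the Values labels.
PARENTS = {"Network Protocol": {"NetworkICMP", "NetworkTCP", "NetworkUDP", "Network HTTP"},
           "Overloading": {"Congestion", "Saturation"}}
REQUIRED = ("IndicationIdentifier", "IndicationTime", "MessageType",
            "Effects", "Mechanisms", "Resources")


def build_decoder(value_map, values):
    """Pair ValueMap entries with Values labels and return a code -> label function."""
    exact, open_ranges, unclaimed = {}, [], None
    for key, label in zip(value_map.split(", "), values.split(", ")):
        if key == "..":
            unclaimed = label                      # every code not claimed elsewhere
        elif key.endswith(".."):
            open_ranges.append((int(key[:-2]), label))   # e.g. "16000.."
        else:
            exact[int(key)] = label

    def decode(code):
        if code in exact:
            return exact[code]
        for low, label in open_ranges:
            if code >= low:
                return label
        return unclaimed
    return decode


decode_effect = build_decoder(*EFFECTS)
decode_mechanism = build_decoder(*MECHANISMS)


def validate(ind):
    """Return a list of findings for one indication given as a dict (assumed shape)."""
    findings = [f"{name} is required" for name in REQUIRED
                if ind.get(name) in (None, "", [])]
    if ind.get("AlertType", 8) != 8:
        findings.append("AlertType must be 8 (Security Alert)")
    count = ind.get("EventCount", 1)               # default value is 1
    start, end = ind.get("IndicationStartCountTime"), ind.get("IndicationTime")
    if count < 1:
        findings.append("EventCount is below MinValue 1")
    if start is not None:                          # aggregate of several events
        if count <= 1:
            findings.append("IndicationStartCountTime set but EventCount is not > 1")
        if end is not None and start > end:
            findings.append("IndicationStartCountTime is later than IndicationTime")
    labels = [decode_mechanism(c) for c in ind.get("Mechanisms") or []]
    for parent, children in PARENTS.items():
        if parent in labels:                       # a child must not precede its parent
            for label in labels[:labels.index(parent)]:
                if label in children:
                    findings.append(f"{label} is listed before its parent {parent}")
    return findings


# Constructed samples: the ICMP DoS case from the Mechanisms text, then a broken copy.
GOOD = {"IndicationIdentifier": "example-1", "IndicationTime": datetime(2024, 1, 1, 12, 0),
        "AlertType": 8, "MessageType": 0, "Effects": [2], "Mechanisms": [31, 14],
        "Resources": [7]}
BAD = dict(GOOD, AlertType=1, Mechanisms=[14, 31], EventCount=1,
           IndicationStartCountTime=datetime(2024, 1, 1, 13, 0))
```

<p>The schema words the parent/child ordering as MAY, so a finding for a child listed before its parent is best treated as a data-quality signal about the Detector rather than a reason to drop the indication.</p>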
<H3>Inherited Properties</H3>
<TABLE BORDER="1" CELLPADDING="1" WIDTH="60%">
<TR>
<TH>Name</TH><TH>Data Type</TH><TH>Class Origin</TH>
</TR>
<TR>
<TH VALIGN="TOP">AlertingElementFormat</TH><TD VALIGN="TOP">uint16</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">AlertingManagedElement</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">Description</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">EventID</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">EventTime</TH><TD VALIGN="TOP">datetime</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">IndicationFilterName</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_Indication.html">CIM_Indication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">Message</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">MessageID</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">OtherAlertingElementFormat</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">OtherAlertType</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">OtherSeverity</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_Indication.html">CIM_Indication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">OwningEntity</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">PerceivedSeverity</TH><TD VALIGN="TOP">uint16</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">ProbableCause</TH><TD VALIGN="TOP">uint16</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">ProbableCauseDescription</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">ProviderName</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">SystemCreationClassName</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">SystemName</TH><TD VALIGN="TOP">string</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">Trending</TH><TD VALIGN="TOP">uint16</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">CorrelatedIndications</TH><TD VALIGN="TOP">string[]</TD><TD VALIGN="TOP"><a href="CIM_Indication.html">CIM_Indication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">MessageArguments</TH><TD VALIGN="TOP">string[]</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
<TR>
<TH VALIGN="TOP">RecommendedActions</TH><TD VALIGN="TOP">string[]</TD><TD VALIGN="TOP"><a href="CIM_AlertIndication.html">CIM_AlertIndication</a></TD>
</TR>
</TABLE>
<h2>
<a name="c_methods">Class Methods</a>
</h2>
</body>
</html>