Home
Gilles Lehmann edited this page Jan 18, 2023 · 19 revisions
The Incident Detection Message Exchange Format version 2 (IDMEFv2) provides a way to describe any incidents detected on cyber and/or physical infrastructures.
The format is agnostic, so it can be used by standalone or combined cyber (SIEM), physical (PSIM) and availability (NMS) monitoring systems. IDMEFv2 can also be used to describe potential cyber and physical threats (CTI/PTI).
- IDMEFv2 in a nutshell: Short introduction.
- IDMEFv2 History and genesis of the format: A brief history of IDMEF. Started last century ...
- IDMEFv2 Standard Definition principles: The twelve principles followed to define IDMEFv2.
- IDMEF Glossary: Glossary of IDMEFv2-related terms.
- IDMEFv2 FAQ: Frequently Asked Questions about the format.
- IDMEFv1: Issues, limitations and changes.
This chapter explains and justifies the choices made for the IDMEFv2 classes and attributes. During the tuning phase it will also contain comments, remarks and still-open questions.
Abbreviations:
TBD: To be defined/done
TBC: To be clarified
TBM: To be modified
TBR: To be removed
Please refer first to the "IDMEFv2 Principles" wiki page for more general definition principles of IDMEFv2.
Format Draft:
- Global comments: Global comments/remarks/justification about the draft.
- Alert Class Comments: Comments/remarks/justification about the Alert Class attributes.
- Analyser Class Comments: Comments/remarks/justification about the Analyser Class attributes.
- Sensor Class Comments: Comments/remarks/justification about the Sensor Class attributes.
- Source Class Comments: Comments/remarks/justification about the Source Class attributes.
- Target Class Comments: Comments/remarks/justification about the Target Class attributes.
- Vector Class Comments: Comments/remarks/justification about the Vector Class attributes.