This repository has been archived by the owner on Aug 29, 2024. It is now read-only.

teclib-idmef/swift-idmef-transport-library


Swift IDMEFv2 transport library


A Swift library for transporting JSON IDMEFv2 messages. It can be used to transfer Incident Detection Message Exchange Format (IDMEFv2) messages for exchange with other systems.

IDMEFv2 messages can be generated, validated and serialized/deserialized using the swift-idmef-library.

This code is currently experimental and is regularly kept in sync with the development status of the IDMEFv2 format, as part of the SECurity Exchange Format project.

The latest revision of the IDMEFv2 format specification can be found here: https://github.com/IDMEFv2/IDMEFv2-Specification

You can find more information about the previous version (v1) of the Intrusion Detection Message Exchange Format in RFC 4765.

Compiling the library

The following prerequisites must be installed on your system to install and use this library:

  • Swift: version 5.5 or above

The library has the following third-party dependencies:

Note: building with swift automatically pulls the needed dependencies.

To compile the library:

swift build

This will build a bundle located in ./.build/.

Using the library

Swift Package Manager

The Swift Package Manager is a tool for automating the distribution of Swift code and is integrated into the swift compiler.

Once you have your Swift package set up, adding swift-idmef-transport-library as a dependency is as easy as adding it to the dependencies value of your Package.swift.

dependencies: [
    .package(url: "https://github.com/teclib-idmef/swift-idmef-transport-library.git", .upToNextMajor(from: "1.0.1"))
]

Client

A new client can be created by instantiating IDMEFClient. Once created, messages can be sent using the send() method.

import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking  // HTTPURLResponse lives in this module on Linux
#endif
import IDMEF
import IDMEFTransport

@main
public class IDMEFExample {

    // Build a minimal IDMEFv2 message with an Analyzer block.
    public static func message1() -> IDMEFObject {
        var msg = IDMEFObject()
        msg["Version"] = "2.0.3"
        msg["ID"] = UUID().uuidString
        msg["CreateTime"] = "2021-11-22T14:42:51.881033Z"

        var analyzer = [AnyHashable:Any]()
        analyzer["IP"] = "127.0.0.1"
        analyzer["Name"] = "foobar"
        analyzer["Model"] = "generic"
        analyzer["Category"] = ["LOG"]
        analyzer["Data"] = ["Log"]
        analyzer["Method"] = ["Monitor"]

        msg["Analyzer"] = analyzer

        return msg
    }

    // @main requires a static entry point.
    static func main() {
        let client = IDMEFClient(url: "http://127.0.0.1:9999")

        let (response, _) = client.send(message: IDMEFExample.message1())

        // Treat anything other than a 2xx HTTP response as a failure.
        guard let httpResponse = response as? HTTPURLResponse, (200...299).contains(httpResponse.statusCode) else {
            // Print without force-casting: the response may be nil or not an HTTP response.
            print(String(describing: response))
            return
        }
    }
}

Server

A new server can be created by instantiating IDMEFServer. Once created, the server's message loop can be started using the start() method. This method loops, processing the messages received by the server.

import IDMEFTransport

let server = IDMEFServer(port: 9999)

server.start()

Contributions

All contributions must be licensed under the Apache-2.0 license. See the LICENSE file inside this repository for more information.
