IDMEF | RFCs

 

RFC 4765 – The Intrusion Detection Message Exchange Format (IDMEF)

The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to the management systems that may need to interact with them. This document describes a data model to represent information exported by intrusion detection systems and explains the rationale for using this model. An implementation of the data model in the Extensible Markup Language (XML) is presented, an XML Document Type Definition is developed, and examples are provided.

 

RFC 4766 – Intrusion Detection Message Exchange Requirements

The purpose of the Intrusion Detection Exchange Format Working Group (IDWG) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to the management systems that may need to interact with them. This document describes the high-level requirements for such a communication mechanism, including the rationale for those requirements where clarification is needed. Scenarios are used to illustrate some requirements.

 

RFC 4767 – The Intrusion Detection Exchange Protocol (IDXP)

IDXP provides for the exchange of IDMEF messages, unstructured text, and binary data between intrusion detection entities. Addressing the security-sensitive nature of exchanges between intrusion detection entities, underlying BEEP security profiles should be used to offer IDXP the required set of security properties. IDXP is primarily intended for the exchange of data created by intrusion detection entities. IDMEF messages should be used for the structured representation of this intrusion detection data, although IDXP may be used to exchange unstructured text and binary data.