IDMEFv2: First draft release

The SECEF consortium is pleased to announce the availability of a first public draft of IDMEF V2. The draft is provided as an Excel table, because that format is easier to manipulate and modify during the first definition iteration, but it will later be translated into Internet-Draft format.

The main principles that have driven our work on the IDMEFv2 format are:

  • V2 should favor simplicity over exhaustiveness and heavy structuring wherever possible
  • V2's preferred format must be JSON (with no more than 2 or 3 levels); use of XML should remain possible
  • V2 must deal with incident detection (which includes, but is wider than, intrusion detection)
  • V2 must include physical and cyber incidents (security and availability)
  • V2 should have fewer main classes than V1
  • V2 should be easy to extend

The first public drafts are available in the SECEF Redmine document section.

Feel free to comment on the SECEF mailing list.

SECEF Consortium



Introduction by Gilles Lehmann, SECEF project manager – CS

  • SECEF project presentation
  • IDMEF and IODEF standard formats
  • Overview: regulatory constraints
  • Workshops presentation

The standard formats

  • ISI/ETSI and its complementarity with IDMEF by Hervé Debar – Telecom Sud Paris
  • Comparison/complementarity with the IODEF, ICT OASIS (STIX, CybOX, TAXII) and OpenIOC formats by Guillaume Hiet – Centrale Supelec
  • The LibIODEF, LibIDMEF and LibPrelude libraries by Thomas Andrejak – SECEF Technical manager

RGI, feedback and partnership

  • RGI by Antoine Cao – Technical expert SIC at SGMAP/DINSIC Prime Minister Services
  • Feedback from the Ministry of Defence by Laurent Villemin – DGA – MI – Intrusion Detection Labs
  • Prelude SIEM and the IDMEF partnership – CS by Gilles Lehmann

Partners: security probe stories

  • High-performance NIDS: Stamus Networks by Eric Leblond
  • Global SSO : ILEX – Sign & Go by Thierry Bettini and Guillaume Guerrin
  • Anti-DDoS : 6cure Threat Protection by Jouni Viinikka
  • ARMADITO : Teclib by François Déchelle

Conclusion on the potential future of the SECEF project




The Prelude Team and its partners Telecom SudParis and Centrale Supelec will present the SECEF project results on September 21st, 2016 at the Espace Saint Martin in Paris.



  • IDMEF (RFC 4765) and IODEF (RFC 5070) formats
  • Impact of the adoption of these formats in the French administration (RGI v2)
  • Synergy between the standards: IDMEF and ISI from the ETSI
  • Comparison between the formats: IODEF, STIX, CybOX, TAXII and OpenIOC
  • User testimonies: Prime Minister’s Services, Ministry of Defence, etc.
  • Software companies compliant with IDMEF: CS, ILEX, Stamus Networks, 6Cure and Teclib


SECEF | Events

  • SECEF generates interest internationally at FIC 2015:

Alongside the presentation of PRELUDE, SECEF was promoted during the 7th International Forum on Cybersecurity in January.

SIEM users as well as IDS manufacturers seem very interested in taking advantage of an upgraded IDMEF.



The SECEF team


SECEF is under way

The SECEF (Security Exchange Format) project has officially started.

This project is driven by the CS company with the support of the French Ministry of Defense and two academic partners: Telecom Sud Paris and Supelec.

The goal of the SECEF project is to promote and improve security exchange formats: IDMEF and IODEF.


The first SECEF DAY has been a huge success


It drew a large number of participants, who all enjoyed the presentations.


During those three hours of conference, the SECEF team presented the project's first results, with detailed comparisons of the various formats used in cybersecurity:

  • Introduction to incident and alert formats and the regulation – G. Lehmann (CS)
  • Presentation of the IDMEF and IODEF formats – G. Lehmann (CS)
  • The SECEF project – G. Lehmann (CS)
  • The context and history of other standardisation work – H. Debar (TSP)
  • Overview of the incident formats: ISI/ETSI, IODEF, STIX/CybOX/TAXII, OpenIOC – H. Debar (TSP)
  • A detailed overview of the different alert formats: IDMEF (RFC 4765), CEF (HP-ArcSight), LEEF (IBM-QRadar), SDEE (Cisco), CEE (Mitre), CIM (DMTF), XDAS/CADF (OpenGroup) – G. Hiet (CentraleSupelec)
  • Conclusion and perspectives – G. Lehmann (CS)

You will find below:

Enjoy the viewing,

The SECEF team