Author: Gilles Lehmann

Plain new IDMEFv2 website dedicated to the promotion of the format :

This website will host all information about the IDMEFv2 format and the standardization efforts :

• Documentation and tutorials
• IDMEFv2 tools and libraries
• IDMEFv2 mailing list and blog
• etc.

The SECEF Team

The SECEF Team will be present at #FIC2023 the International Cybersecurity Forum at Lille Grand Palais, stand H34-1 the 5, 6 and 7 April 2023.

This will be the occasion to present the project progress and answer your questions.

Feel free to contact the IDMEFv2.org mailing list if you want a dedicated meeting.

See you there !

The SECEF Team

Following the publication of the two IDMEFv2 IETF Internet Draft a new IDMEFv2 GitHub has been created to host all the software developed by the consortium.

SECEF tools are published in open-source so everyone can use, test, modify and improve it.

Have a try : https://github.com/IDMEFv2

The SECEF Team

After two years of specification and experimentation, the two first IDMEFv2 IETF Drafts have been published in the official Datatracker. The road to standardization is still very long and uncertain but this is definitely a very important first step !

• https://datatracker.ietf.org/doc/draft-lehmann-idmefv2/
• https://datatracker.ietf.org/doc/draft-poirotte-idmefv2-https-transport/

This is the V00 version. It’s usable but imperfect. The V01 one will correct the major bugs. We plan the V01 submission end of T1 2023.

The SECEF consortium is pleased to announce the availability of a first IDMEF V2 public draft. This draft is proposed in an excel table format as it is easier to manipulate and modify during the first definition iteration but it will later be translated in Internet Draft Format.

Main principles which have driven our work on IDMEFv2 format are :

• V2 should choose simplicity vs exhaustiveness/structuration when it’s possible
• V2 preferred format must be JSON (with no more than 2 or 3 levels), use of XML should stay possible
• V2 must deal with incident detection (includes but wider than intrusion detection)
• V2 must include physical and cyber incident (security and availability)
• V2 number of main class should be lower than V1
• V2 should be easy to extend

The first public drafts are available on the SECEF Redmine document section.

https://redmine.secef.net/projects/secef/documents

Feel free to comment on SECEF mailing list :

https://www.freelists.org/list/secef

SECEF Consortium

The SECEF (2) project has officialy started.

The project will last until August 2023.

The first worshop of the project is a large domain analysis.

Due to Covid first results might be a little late but will be published as soon as possible.

Stay tuned

SECEF Consortium

Introduction by Gilles Lehmann, SECEF project manager – CS

• SECEF project presentation
• IDMEF et IODEF standard formats
• Overview : Regulatory constraints
• Workshops presentation

The standard formats

• ISI/ETSI and its complementarity with IDMEF by Hervé Debar – Telecom Sud Paris
• Comparison/complementarity with  IODEF, ICT OASIS (STIX, Cybox, TAXII) et OpenIOC formats by Guillaume Hiet – Centrale Supelec
• Library LibIODEF, LibIDMEF, LibPrelude by Thomas Andrejak – SECEF Technical manager
  

 RGI, feedback and partnership

• RGI by Antoine Cao – Technical expert SIC at SGMAP/DINSIC Prime Minister Services
  
• Feedback from de Ministry of Defence by Laurent Villemin – DGA – MI – Intrusion Detection Labs
• Prelude SIEM and the IDMEF partnership – CS by Gilles Lehmann

Partners : Security probes stories 

• NIDS high performance : Stamus Network by Eric Leblond
• Global SSO : ILEX – Sign & Go by Thierry Bettini and Guillaume Guerrin
• Anti-DDoS : 6cure Threat Protection by Jouni Viinikka
• ARMADITO : Teclib by François Déchelle

Conclusion on the potential futur of the SECEF project

The Prelude Team and its partners Telecom SudParis and Centrale Supelec will present the project SECEF results on September 21th of 2016 at the Espace Saint Martin in Paris.

PROGRAM
 

• IDMEF (RFC 4765) and IODEF (RFC 5070) formats
• Impact of the adoption of these formats in the french administration (RGI v2)
• Synergy between the standards : IDMEF & ISI from the ETSI
• Comparison between the formats :  IODEF, STIX, Cybox, TAXII et OpenIOC
• Users testimony: Prime Minister’s Services, Ministry Of Defence, etc.
• Software companies compliant with IDMEF : CS, ILEX, Stamus Networks, 6Cure and Teclib

Subscribe