IETF DRAFTS Submission

After two years of specification and experimentation, the two first IDMEFv2 IETF Drafts have been published in the official Datatracker. The road to standardization is still very long and uncertain but this is definitely a very important first step !

This is the V00 version. It’s usable but imperfect. The V01 one will correct the major bugs. We plan the V01 submission end of T1 2023.

IDMEFv2 : First draft release

The SECEF consortium is pleased to announce the availability of a first IDMEF V2 public draft. This draft is proposed in an excel table format as it is easier to manipulate and modify during the first definition iteration but it will later be translated in Internet Draft Format.

Main principles which have driven our work on IDMEFv2 format are :

  • V2 should choose simplicity vs exhaustiveness/structuration when it’s possible
  • V2 preferred format must be JSON (with no more than 2 or 3 levels), use of XML should stay possible
  • V2 must deal with incident detection (includes but wider than intrusion detection)
  • V2 must include physical and cyber incident (security and availability)
  • V2 number of main class should be lower than V1
  • V2 should be easy to extend

The first public drafts are available on the SECEF Redmine document section.

Feel free to comment on SECEF mailing list :

SECEF Consortium



Introduction by Gilles Lehmann, SECEF project manager – CS

  • SECEF project presentation
  • IDMEF et IODEF standard formats
  • Overview : Regulatory constraints
  • Workshops presentation

The standard formats

  • ISI/ETSI and its complementarity with IDMEF by Hervé Debar – Telecom Sud Paris
  • Comparison/complementarity with  IODEF, ICT OASIS (STIX, Cybox, TAXII) et OpenIOC formats by Guillaume Hiet – Centrale Supelec
  • Library LibIODEF, LibIDMEF, LibPrelude by Thomas Andrejak – SECEF Technical manager

 RGI, feedback and partnership

  • RGI by Antoine Cao – Technical expert SIC at SGMAP/DINSIC Prime Minister Services
  • Feedback from de Ministry of Defence by Laurent Villemin – DGA – MI – Intrusion Detection Labs
  • Prelude SIEM and the IDMEF partnership – CS by Gilles Lehmann

Partners : Security probes stories 

  • NIDS high performance : Stamus Network by Eric Leblond
  • Global SSO : ILEX – Sign & Go by Thierry Bettini and Guillaume Guerrin
  • Anti-DDoS : 6cure Threat Protection by Jouni Viinikka
  • ARMADITO : Teclib by François Déchelle

Conclusion on the potential futur of the SECEF project


base - EN


The Prelude Team and its partners Telecom SudParis and Centrale Supelec will present the project SECEF results on September 21th of 2016 at the Espace Saint Martin in Paris.



  • IDMEF (RFC 4765) and IODEF (RFC 5070) formats
  • Impact of the adoption of these formats in the french administration (RGI v2)
  • Synergy between the standards : IDMEF & ISI from the ETSI
  • Comparison between the formats :  IODEF, STIX, Cybox, TAXII et OpenIOC
  • Users testimony: Prime Minister’s Services, Ministry Of Defence, etc.
  • Software companies compliant with IDMEF : CS, ILEX, Stamus Networks, 6Cure and Teclib