IDMEFv2 : First draft release

The SECEF consortium is pleased to announce the availability of a first IDMEF V2 public draft. This draft is provided as an Excel table, since that is easier to manipulate and modify during the first definition iteration; it will later be translated into Internet-Draft format.

The main principles that have driven our work on the IDMEFv2 format are:

  • V2 should favour simplicity over exhaustiveness/structure wherever possible
  • V2's preferred format must be JSON (with no more than 2 or 3 levels of nesting); using XML should remain possible
  • V2 must deal with incident detection (which includes, but is wider than, intrusion detection)
  • V2 must cover both physical and cyber incidents (security and availability)
  • V2 should have fewer main classes than V1
  • V2 should be easy to extend

The first public drafts are available on the SECEF Redmine document section.

https://redmine.secef.net/projects/secef/documents

Feel free to comment on the SECEF mailing list:

https://www.freelists.org/list/secef

SECEF Consortium


SECEF DAY 2016

Introduction by Gilles Lehmann, SECEF project manager – CS

  • SECEF project presentation
  • IDMEF and IODEF standard formats
  • Overview: regulatory constraints
  • Workshops presentation

The standard formats

  • ISI/ETSI and its complementarity with IDMEF by Hervé Debar – Telecom Sud Paris
  • Comparison/complementarity with the IODEF, ICT OASIS (STIX, Cybox, TAXII) and OpenIOC formats by Guillaume Hiet – Centrale Supelec
  • The LibIODEF, LibIDMEF and LibPrelude libraries by Thomas Andrejak – SECEF Technical manager

RGI, feedback and partnership

  • RGI by Antoine Cao – Technical expert SIC at SGMAP/DINSIC Prime Minister Services
  • Feedback from the Ministry of Defence by Laurent Villemin – DGA – MI – Intrusion Detection Labs
  • Prelude SIEM and the IDMEF partnership – CS by Gilles Lehmann

Partners: security probe stories

  • High-performance NIDS: Stamus Networks by Eric Leblond
  • Global SSO : ILEX – Sign & Go by Thierry Bettini and Guillaume Guerrin
  • Anti-DDoS : 6cure Threat Protection by Jouni Viinikka
  • ARMADITO : Teclib by François Déchelle

Conclusion on the potential future of the SECEF project

SECEF DAY 2016 – September 21st – ESPACE SAINT MARTIN – PARIS


The Prelude Team and its partners Telecom SudParis and Centrale Supelec will present the results of the SECEF project on September 21st, 2016 at the Espace Saint Martin in Paris.


PROGRAM

  • IDMEF (RFC 4765) and IODEF (RFC 5070) formats
  • Impact of the adoption of these formats in the French administration (RGI v2)
  • Synergy between the standards: IDMEF and ISI from the ETSI
  • Comparison between the formats: IODEF, STIX, Cybox, TAXII and OpenIOC
  • User testimonies: Prime Minister's Services, Ministry of Defence, etc.
  • Software companies compliant with IDMEF: CS, ILEX, Stamus Networks, 6Cure and Teclib


IODEF and IDMEF at SSTIC 2016

Since the IDMEF and IODEF standards are included in the French "General Interoperability Framework" (RGI), we presented a draft version of the open source (GPL v2) libidmef and libiodef at the "Symposium sur la Sécurité des Technologies de l'Information et des Communications" 2016.

The libIDMEF library is based on libPrelude, known for its security, stability and performance. It helps you manipulate IDMEF objects through the IDMEF Path design. It is available in C, C++ and Python.

Similar work has been done on IODEF. As mentioned above, we released a draft version of libIODEF to manipulate IODEF objects. It follows the same approach as libIDMEF, so you will find an IODEF Path and the same languages: C, C++ and Python.

Here are the repositories:

You can also find the slides we presented at SSTIC (in French): IDMEF_IODEF_SSTIC_2016

SECEF | Events

  • SECEF generates interest internationally at FIC 2015:

Alongside the presentation of PRELUDE, SECEF was promoted during the 7th International Forum on Cybersecurity in January.

SIEM users, as well as IDS manufacturers, seem very interested in taking advantage of an upgraded IDMEF.

The Secef team


SECEF is going on

The SECEF (Security Exchange Format) project has officially started.

This project is driven by the CS company with the support of the French Ministry of Defense and two academic partners: Telecom Sud Paris and Supelec.

The goal of the SECEF project is to promote and improve security exchange formats: IDMEF and IODEF.

SECEF DAY 2015

The first SECEF DAY has been a huge success, with a large number of participants who all enjoyed the presentations.

During those three hours of conference, the SECEF team presented the first results of the project, with detailed comparisons of the various formats used in cybersecurity:

  • Introduction on incident and alert formats and the regulation – G. Lehmann (CS)
  • Presentation of the IDMEF and IODEF formats – G. Lehmann (CS)
  • The SECEF projects – G. Lehmann (CS)
  • The context and history of other standardisation work – H. Debar (TSP)
  • Overview of the incident formats: ISI/ETSI, IODEF, STIX/CyBOX/TAXII, OpenIOC – H. Debar (TSP)
  • A detailed overview of the different alert formats: IDMEF (RFC 4765), CEF (HP-ArcSight), LEEF (IBM-QRadar), SDEE (Cisco), CEE (Mitre), CIM (DMTF), XDAS/CADF (OpenGroup) – G. Hiet (CentraleSupelec)
  • Conclusion and perspectives – G. Lehmann (CS)

You will find below:

Enjoy watching,

The SECEF team