Genesis & History

1998 – 2007 : IDMEFv1 creation and standardization

IDMEFv1 (Intrusion detection message exchange format) has been specified between 1998 and 2006 by the IDWG (Intrusion Detection Work Group) at IETF resulting in three RFCs :

• RFC 4765 : The Intrusion Detection Message Exchange Format (IDMEF)

• RFC 4766 : Intrusion Detection Message Exchange Requirements

• RFC 4767 : The Intrusion Detection Exchange Protocol (IDXP)

2015-2017 SECEF1 : IDMEFv1 update, promotion and improvement

In 2015 the SECEF (SECurity Exchange Format) consortium was created to improve and promote IDMEFv1. The SECEF consortium was composed of people who had participate to the RFC 4765 and people who had experimented the format in various tools.

After two years of analysis and test, the consortium concluded that the format needed more than just few modifications. The base was solid but needed to be totally re-thinked and updated to feet the new cyber and physical threats.

2020 – 2023 SECEF2 : IDMEFV2 new version and standardization goal

In 2020 the SECEF2 (SECurity Exchange Format) consortium was created to create a new version of the IDMEF format and standardize it. SECEF2 consortium is an enlargement of the SECEF1 consortium with new industrial members.

The first step of the project was to experiment a new version of IDMEFv2 for protection of combined and complex threat on cyber and physical infrastructures.

This experimentation has been done on real scale in five different prototypes during the H2020 7SHIELD research project (https://www.7shield.eu/)

After two years of experimentations, the 15th of october 2022, two Internet Drafts were published defining a new version of the format and it’s transport over HTTPs :

• https://datatracker.ietf.org/doc/draft-lehmann-idmefv2/

• https://datatracker.ietf.org/doc/draft-poirotte-idmefv2-https-transport/

The consortium is now working on the tuning of the format and its standardization.