IDMEF | Ressources

Formats: Quick introduction on alert formats and what they are
Comparison of alert formats : Long comparison of existing formats (CEF, LEEF, SDEE, etc.)

How to use IDMEF V1 (SECEF) : Tutorial on IDMEF V1 content and how to use it
How to use LibPrelude (SECEF) : Detailed tutorial on how to use LibPrelude and code a IDMEF V1 client (python, C, ruby,etc.)
How to build a sensor (SECEF) : Creation of a new sensor that can communicate in IDMEF V1 through the LibPrelude library
LibPrelude IDMEF path (SECEF) : Detailed description of all IDMEF fields

SDEE : Security Device Event Exchange (Cisco)
The Security Device Event Exchange (SDEE) is a specification for the message formats and the messaging protocol used to communicate the events generated by security devices. Cisco Intrusion Detection Event Exchange (CIDEE) specifies the extensions to the Security Device Event Exchange (SDEE) that are utilized by Cisco’s network-based intrusion prevention systems.
CEE : Common Event Expression (Mitre)
CEE™ is the Common Event Expression initiative being developed by a community representing the vendors, researchers, and end users, and coordinated by MITRE. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. Nota : Due to changing priorities, the U.S. Government organization that sponsored MITRE’s work on CEE has decided to stop funding development of CEE to focus on other priorities.
CEF : Common Event Format (ArcSight) : CEF (Common Exchange Format) is format proposed by ArcSight for promoting interoperability between various event- or log-generating devices ( security and not-security devices.)
LEEF : Log Event Extended Format (IBM)
SDEE format : Detailed schema of Cisco SDEE (Security Device Event Exchange)