What is the difference between IDMEF and IODEF?

IODEF (Incident Object Definition Exchange Format) is a format for describing an incident and sharing it between security teams. It’s a “human” format.

IDMEF (Intrusion Detection Message Exchange Format) is a format for exchanging alerts between security tools and a security manager (SIEM). It’s a “technical” format, even if in the end it is read by a human operator.

IDMEF and IODEF are complementary. An incident can be described by including IDMEF objects in the IODEF message.
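The relationship described above, as an added example that is not part of the original page: Python that reads one IODEF document and separates the incident fields written for people from the IDMEF alert attached for tools. It assumes IODEF v1 (RFC 5070) with the alert carried in an `AdditionalData` element of `dtype="xml"`, which is one way to attach it; the sample document (trimmed to the fields used here), the function name `split_incident` and every identifier in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces of IODEF v1 (RFC 5070) and IDMEF (RFC 4765).
NS = {"iodef": "urn:ietf:params:xml:ns:iodef-1.0", "idmef": "http://iana.org/idmef"}

# Constructed sample: every ID, name and address below is a placeholder.
SAMPLE = """<IODEF-Document version="1.00" lang="en" xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="reporting">
    <IncidentID name="csirt.example.com">EXAMPLE-0001</IncidentID>
    <ReportTime>2024-01-01T12:00:00Z</ReportTime>
    <Description>SSH brute force against a bastion host</Description>
    <Assessment><Impact type="admin" completion="failed"/></Assessment>
    <Contact role="creator" type="organization"><ContactName>Example CSIRT</ContactName></Contact>
    <AdditionalData dtype="xml" meaning="IDMEF alert from the sensor">
      <idmef:IDMEF-Message xmlns:idmef="http://iana.org/idmef" version="1.0">
        <idmef:Alert messageid="constructed-1">
          <idmef:Analyzer analyzerid="sensor-01"/>
          <idmef:CreateTime>2024-01-01T11:58:00Z</idmef:CreateTime>
          <idmef:Source><idmef:Node><idmef:Address category="ipv4-addr">
            <idmef:address>192.0.2.10</idmef:address>
          </idmef:Address></idmef:Node></idmef:Source>
          <idmef:Classification text="SSH brute force"/>
        </idmef:Alert>
      </idmef:IDMEF-Message>
    </AdditionalData>
  </Incident>
</IODEF-Document>"""

def split_incident(xml_text):
    """Return (incident summary for the team, list of attached IDMEF alerts)."""
    # For documents received from other parties, use a hardened parser
    # such as defusedxml instead of the standard-library one.
    root = ET.fromstring(xml_text)
    inc = root.find("iodef:Incident", NS)
    summary = {
        "id": inc.findtext("iodef:IncidentID", namespaces=NS),
        "description": inc.findtext("iodef:Description", namespaces=NS),
        "contact": inc.findtext("iodef:Contact/iodef:ContactName", namespaces=NS),
    }
    alerts = []
    for extra in inc.findall("iodef:AdditionalData[@dtype='xml']", NS):
        for alert in extra.iterfind(".//idmef:Alert", NS):
            alerts.append({
                "analyzer": alert.find("idmef:Analyzer", NS).get("analyzerid"),
                "classification": alert.find("idmef:Classification", NS).get("text"),
                "source": alert.findtext("idmef:Source/idmef:Node/idmef:Address/idmef:address", namespaces=NS),
            })
    return summary, alerts

if __name__ == "__main__":
    print(split_incident(SAMPLE))
```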