On the manager side, IDMEF is used in Prelude SIEM, both commercial and open-source edition; it is also partially implemented in LogLogic SIEM.

On the agent side, IDMEF is implemented in lots of open-source tools: Snort, Suricata, Ossec, Samhain, Kismit, Armadito, etc … and also some commercial tools : StamusNetwork, 6Cure, etc.