Documents
IDMEFv2 Specification
IDMEF v2 - Definition and Examples - V 0.1
03/06/2021 03:36 PM
Very first draft of the IDMEF v2 definition and examples:
- JSON format
- Main classes: Agent, Source, Target, Vector, Attach
- Physical and Availability incidents are included
- Location concept
- Strongly inspired by the IDEA format (itself based on IDMEFv1)...
IDMEF v2 - Definition and Examples - V 0.2
03/07/2021 02:23 PM
New version with minor changes:
- Attribute types have been corrected
- A new "types" sheet for type definitions
- Minor corrections in the Excel and Word examples for JSON compatibility
IDMEF v2 - Definition and Examples - V 0.3
05/11/2021 01:37 PM
New version with minor changes:
- Added a new class: Observables
- Updated the lists of "Types", "ENUM" and "Category" values
- Updated the Word JSON examples
- Moved some attributes
User documentation
2017: Comparative study of alert formats - Centrale Supelec
03/02/2018 03:02 PM
Comparison between the IDMEF v1 format and the main existing proprietary formats, including ArcSight's CEF and QRadar's LEEF.
Technical documentation
Best Practices EN
01/27/2017 12:40 AM
How to use IDMEF v1 attributes.
Best Practices FR
01/27/2017 12:40 AM
How to use IDMEF v1 fields and attributes.
IDMEF v2 - Draft (2017 Version - OBSOLETE)
01/27/2017 12:43 AM
IDMEFv2 draft specification produced in collaboration with the detection centre of DGA MI (French Ministry of the Armed Forces) and the COSSI of ANSSI (the French national cybersecurity agency).
Field-to-field alert format comparison
03/02/2018 03:11 PM
This table presents a field-to-field comparison of the major SIEM alert formats.