h1. Formats

h2. What is a format ?

This project revolves around formats. But there are a lot of types of formats.

Here we are actually discussing what we can call schemas, which is the structure used to organize the information in a message.

Let's have a closer look on what this means.

!{width:500px}/attachments/download/62/Sch%C3%A9ma%20des%20formats.png!

We have to make a clear distinction between the syntax, the encoding format and the transport format. 

Examples of transport format are syslog, http or smtp.

Examples of encoding format are JSON, XML or Yaml.

SECEF is meant to work on the syntax.

Each syntax can be split into the schema and the semantics. Schema refers to the structure, semantics refers to what can be stored whithin (types of fields for example).

For simplicity reasons, the word format is used throughout this wiki and should mostly be understood as schema or syntax.

This being said, it should be easier to understand the purpose of this project.

h2. Which formats are we working on ?

SECEF revolves around IDMEF and IODEF. However, in order to improve these formats, a lot of work has also been done on other formats, to [[Comparison of alert formats|compare]] IDMEF and IODEF to them.

Here is a quick and non exhaustive list of the formats SECEF already considered : 

* [[SDEE format|SDEE]]

* [[CompareFormat#CEE|CEE]]

* [[CompareFormat#HP-ArcSight-CEF|CEF]]

* [[CompareFormat#IBM-QRadar-LEEF|LEEF]]

* [[CompareFormat#DMTF-CIM|CIM]]

* [[CompareFormat#The-Open-Group-XDAS|XDAS]]