IDMEFV2 » History » Version 18

Anonymous, 11/05/2015 01:54 PM

h1. IDMEFV2

One of SECEF's projects was to build a new IDMEF structure, referred to as IDMEF V2.

Listed here are the changes that we think could be interesting to include in V2.

All of these changes were discussed during meetings or on the forum.

Fields or classes shown in red are to be removed; the others are to be added.
|_.Evolution|_.Impacted Class|_.Proposed Field|_.Type|
|/2.[[Start time end time|Indicate start time and end time or a duration for an event such as worm propagation or scan]]|StartTime|Date|Date|
|EndTime|Date|Date|
|[[Identify transport protocol|Identify transport protocol (TCP, UDP, etc.) regardless of the applicative protocol]]|Service|transport_protocol|ATP
CUDP
DCCP
FCP
IL
MPTCP
RDP
RUDP
SCTP
SPX
SST
TCP
UDP
UDP Lite
µTP|
|[[Translated addresses and ports|Handle translated addresses and ports]]|Address|translation|no_translation
pre_translation
post_translation|
|[[Original log|Add original log attachment]]|Alert|original_log|string|
|[[Counters|Occurrence counter of aggregated events]]|Alert|event_number|Integer|
|[[Counters|Occurrence counter of aggregated alerts in correlation alerts]]|CorrelationAlert|alert_number|Integer|
|[[Thread ID|Add Thread ID]]|Process|TID|Integer|
|/2.[[Specify the attack severity, the target supposed vulnerability, the target criticality and the final priority of the alert]]|/2.Impact|target_vulnerability|Enum|
|target_criticity|Enum|
|[[Remove OverflowAlerts]]|\3{background:#e99b9b}.OverflowAlerts|
|[[host category|Specify host category]]|Node|category|Rethink the enumeration|
|/6.[[Location data|Add more explicit location data (latitude, longitude, country, city, etc.)]]|/5.Node->Location|latitude|float|
|longitude|float|
|city|String|
|country|String|
|state|String|
|{background:#e99b9b}.Node|\2{background:#e99b9b}.Location|
|/4.[[Expand WebService class]]|/2.WebService->WebServiceHeaderParams|parameter|host
referer
user-agent
server
cookie
http-method
other|
|value|String|
|/2.WebService->WebServiceParams|parameter|String|
|value|String|
|/16.[[Expand Service class|Add subclasses to Service class]]|/4.Service->LDAPService|url|String|
|operation|start_tls
bind
search
compare
add
delete
modify
modify_dn
abandon
extended-operation
unbind
other|
|ext-operation|String|
|dn|String|
|/2.LDAPService->LDAPServiceParams|parameter|scope
filter
deref_aliases
attribute
sizelimit
timelimit
sizeonly
ext-type|
|ext-type|String|
|/4.Service->SIPService|uri|String|
|request|INVITE
ACK
BYE
CANCEL
OPTIONS
REGISTER
PRACK
SUBSCRIBE
NOTIFY
PUBLISH
INFO
REFER
MESSAGE
UPDATE
other|
|ext-request|String|
|response|integer|
|/2.SIPService->HeaderSIPService|parameter|Enum|
|value|String|
|/4.Service->SMTPService|messageid|String|
|user-agent|String|
|subject|String|
|references|String|
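As an added example (not SECEF's code and not part of the IDMEF V2 proposal itself), the Python below aggregates constructed scan events into alerts that carry the StartTime, EndTime and event_number fields proposed above, which is what lets one alert describe a whole scan instead of one alert per probe. The dictionary layout, the grouping key and the one-minute quiet window that splits a group into separate alerts are assumptions.

```python
from collections import OrderedDict
from datetime import datetime, timedelta

# Constructed sample input: 40 port probes from one source within 40 seconds,
# one unrelated event, then a late probe from the first source ten minutes on.
BASE = datetime(2015, 11, 5, 13, 0, 0)
EVENTS = [
    {"time": BASE + timedelta(seconds=i), "source": "192.0.2.10",
     "classification": "TCP port scan", "transport_protocol": "TCP"}
    for i in range(40)
] + [
    {"time": BASE + timedelta(minutes=5), "source": "192.0.2.77",
     "classification": "SSH brute force", "transport_protocol": "TCP"},
    {"time": BASE + timedelta(minutes=10), "source": "192.0.2.10",
     "classification": "TCP port scan", "transport_protocol": "TCP"},
]


def aggregate(events, window=timedelta(minutes=1)):
    """Group events by (source, classification) into alerts carrying the
    proposed StartTime / EndTime / event_number fields. A new alert is opened
    for a group when the gap since its previous event exceeds `window`
    (assumed policy), so two distinct scans do not merge into one alert."""
    alerts = OrderedDict()  # key -> list of alerts, in first-seen order
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["source"], ev["classification"])
        group = alerts.setdefault(key, [])
        if not group or ev["time"] - group[-1]["EndTime"] > window:
            group.append({
                "Classification": ev["classification"],
                "Source": ev["source"],
                "Service": {"transport_protocol": ev["transport_protocol"]},
                "StartTime": ev["time"],
                "EndTime": ev["time"],
                "event_number": 1,
            })
            continue
        group[-1]["EndTime"] = ev["time"]     # extend the ongoing alert
        group[-1]["event_number"] += 1        # count the aggregated event
    return [alert for group in alerts.values() for alert in group]


def duration(alert):
    """Duration of an aggregated alert in seconds, derived from its bounds."""
    return (alert["EndTime"] - alert["StartTime"]).total_seconds()
```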