IDMEFV2 » History » Version 19
Anonymous, 02/08/2016 05:20 PM
h1. IDMEFV2

One of SECEF's projects was to build a new IDMEF structure, referred to as IDMEF V2.

Listed here are the changes that we think could be interesting to include in the V2.

All of these changes were discussed during meetings or on the forum.

In red are the fields or classes to be removed; the others are to be added.

|_.Evolution|_.Impacted Class|_.Proposed Field|_.Type|
|/2.[[Start time end time|Indicate start time and end time or a duration for an event such as worm propagation or scan]]|StartTime|Date|Date|
|EndTime|Date|Date|
|[[Identify transport protocol|Identify transport protocol (TCP, UDP, etc.) regardless of the applicative protocol]]|Service|transport_protocol|ATP, CUDP, DCCP, FCP, IL, MPTCP, RDP, RUDP, SCTP, SPX, SST, TCP, UDP, UDP Lite, µTP|
|[[Translated addresses and ports|Handle translated addresses and ports]]|Address|translation|no_translation, pre_translation, post_translation|
|[[Original log|Add original log attachment]]|Alert|original_log|String|
|[[Counters|Occurrence counter of aggregated events]]|Alert|event_number|Integer|
|[[Counters|Occurrence counter of aggregated alerts in correlation alerts]]|CorrelationAlert|alert_number|Integer|
|[[Thread ID|Add Thread ID]]|Process|TID|Integer|
|/2.[[Specify the attack severity, the target supposed vulnerability, the target criticity and the final priority of the alert]]|/2.Impact|target_vulnerability|Enum|
|target_criticity|Enum|
|[[Remove OverflowAlerts]]|\3{background:#e99b9b}.OverflowAlerts|
|[[host category|Specify host category]]|Node|category|Rethink the enumeration|
|/6.[[Location data|Add more explicit location data (latitude, longitude, country, city, etc.)]]|/5.Node->Location|latitude|Float|
|longitude|Float|
|city|String|
|country|String|
|state|String|
|{background:#e99b9b}.Node|\2{background:#e99b9b}.Location|
|/4.[[Expand WebService class]]|/2.WebService->WebServiceHeaderParams|parameter|host, referer, user-agent, server, cookie, http-method, other|
|value|String|
|/2.WebService->WebServiceParams|parameter|String|
|value|String|
|/16.[[Expand Service class|Add subclasses to Service class]]|/4.Service->LDAPService|url|String|
|operation|start_tls, bind, search, compare, add, delete, modify, modify_dn, abandon, extended-operation, unbind, other|
|ext-operation|String|
|dn|String|
|/2.LDAPService->LDAPServiceParams|parameter|scope, filter, deref_aliases, attribute, sizelimit, timelimit, sizeonly, ext-type|
|ext-type|String|
|/4.Service->SIPService|uri|String|
|request|INVITE, ACK, BYE, CANCEL, OPTIONS, REGISTER, PRACK, SUBSCRIBE, NOTIFY, PUBLISH, INFO, REFER, MESSAGE, UPDATE, other|
|ext-request|String|
|response|Integer|
|/2.SIPService->HeaderSIPService|parameter|Enum|
|value|String|
|/4.Service->SMTPService|messageid|String|
|user-agent|String|
|subject|String|
|references|String|
|[[classification category|Specify classification category]]|Classification|category|(authentication, ...)|
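As an added example (not code from the SECEF wiki or from any IDMEF implementation), the following Python folds repeated raw events into an Alert carrying the StartTime/EndTime, event_number, original_log, transport_protocol and translation fields proposed above, then counts those alerts in a CorrelationAlert via alert_number. The dict/JSON layout of an alert and the raw event format are assumptions; only the field names and enum values come from the table.

```python
# Added example, not part of the SECEF wiki page. Field names and enum values are
# taken from the IDMEF V2 proposal table; the dict layout of an Alert and the
# shape of a raw event are assumptions made for this illustration.
from datetime import datetime

TRANSPORT_PROTOCOLS = {"ATP", "CUDP", "DCCP", "FCP", "IL", "MPTCP", "RDP", "RUDP",
                       "SCTP", "SPX", "SST", "TCP", "UDP", "UDP Lite", "µTP"}
TRANSLATIONS = {"no_translation", "pre_translation", "post_translation"}

def aggregate_events(events):
    """Build one Alert from repeated raw events of the same kind (e.g. a scan)."""
    if not events:
        raise ValueError("need at least one event")
    proto = events[0]["transport_protocol"]
    if proto not in TRANSPORT_PROTOCOLS:
        raise ValueError("unknown transport protocol: %r" % proto)
    translation = events[0].get("translation", "no_translation")
    if translation not in TRANSLATIONS:
        raise ValueError("unknown translation state: %r" % translation)
    times = sorted(datetime.fromisoformat(e["time"]) for e in events)
    return {
        "StartTime": times[0].isoformat(),   # earliest event of the series
        "EndTime": times[-1].isoformat(),    # latest event of the series
        "event_number": len(events),         # occurrence counter
        "Service": {"transport_protocol": proto},
        "Address": {"translation": translation},
        "original_log": "\n".join(e["raw"] for e in events),
    }

def correlate(alerts):
    """Build a CorrelationAlert whose alert_number counts the aggregated alerts."""
    return {
        "alert_number": len(alerts),
        "StartTime": min(a["StartTime"] for a in alerts),
        "EndTime": max(a["EndTime"] for a in alerts),
        "alerts": alerts,
    }

# Constructed sample: three SYN probes of one port scan, seen after NAT.
SCAN_EVENTS = [
    {"time": "2016-02-08T17:20:05", "transport_protocol": "TCP",
     "translation": "post_translation", "raw": "SYN 10.0.0.5:40001 -> 10.0.0.9:22"},
    {"time": "2016-02-08T17:20:01", "transport_protocol": "TCP",
     "translation": "post_translation", "raw": "SYN 10.0.0.5:40002 -> 10.0.0.9:23"},
    {"time": "2016-02-08T17:20:09", "transport_protocol": "TCP",
     "translation": "post_translation", "raw": "SYN 10.0.0.5:40003 -> 10.0.0.9:80"},
]
```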