IDMEFV2 » History » Version 2
« Previous -
Version 2/22
(diff) -
Next » -
Current version
Sélim Menouar, 10/26/2015 04:00 PM
IDMEFV2¶
One of SECEF's projects was to build a new IDMEF structure, that referred to as IDMEF V2.
Here are listed the changes we've made from V1 to V2.
All of these changes were first discussed during meetings or on the forum.
As well as the list of changes, we drew another class diagram, the way we did for V1, in order to picture easily the new format.
| Evolution | Class | Field | Type |
|---|---|---|---|
| Identifier la date de début et de fin d'un événement (scan, propagation de vers, etc.) ou une durée | StartTime | Date | Date |
| EndTime | Date | Date | |
| Champs pour identifer le protocole de transport (TCP, UDP) indépendamment du protocole applicatif | Service | transport_protocol | ATP CUDP DCCP FCP IL MPTCP RDP RUDP SCTP SPX SST TCP UDP UDP Lite µTP |
| Gérer les adresses et les ports translatés. | Address | translation | no_translation pre_trabslation post_translation |
| Attachement du log originel (plus specifique que Additional Data) | Classification->Origin | origin | log_analysis sensor |
| signature | String | ||
| log | String | ||
| Compteur d'occurrence des événements qui sont agrégés dans une alerte | Origin | counter | Integer |
| Champs pour identifier le thread | Process | TID | Integer |
| Distinguer la sévérité d'une attaque, la vulnérabilité probable de la cible, la criticité de la cible et la priorité finale de l'alerte | Impact | target_vulnerability | Enum |
| target_criticity | Enum | ||
| Supprimer les OverflowAlerts | OverflowAlerts | ||
| Ajouter un champs pour identifier la catégorie d'un hôte | Node | type | Enum à travailler |
| Gestion explicite des données de géolocalisation (longitude, lattitude, ville pays) | Node->Location | latitude | float |
| longitude | float | ||
| city | String | ||
| country | String | ||
| state | String | ||
| Node | Location | ||
| Compléter la classe WebService | WebService->WebServiceHeaderParams/2. | parameter | host referer user-agent server cookie http-method other |
| value | String | ||
| WebService->WebServiceParams | parameter | String | |
| value | String | ||
| Ajouter des sous-classes à la classe Service | Service->LDAPService | url | String |
| operation | start_tls bind search compare add delete modify modify_dn abandon extended-operation unbind other |
||
| ext-operation | String | ||
| dn | String | ||
| LDAPService->LDAPServiceParams | parameter | scope filter deref_aliases attribute sizelimit timelimit sizeonly ext-type |
|
| ext-type | String | ||
| Service->SIPService | uri | String | |
| request | INVITE ACK BYE CANCEL OPTIONS REGISTER PRACK SUBSCRIBE NOTIFY PUBLISH INFO referer MESSAGE UPDATE other |
||
| ext-request | String | ||
| response | integer | ||
| SIPService->HeaderSIPService | parameter | Enum | |
| value | String | ||
| Service->SMTPService | messsageid | String | |
| user-agent | String | ||
| subject | String | ||
| references | String | ||
