Version 2 - History - IDMEFV2 - SECEF

2

Anonymous

3

Anonymous

One of SECEF's projects was to build a new IDMEF structure, that referred to as IDMEF V2.

4

2

Anonymous

5

2

Anonymous

Here are listed the changes we've made from V1 to V2.

6

2

Anonymous

7

2

Anonymous

All of these changes were first discussed during meetings or on the forum.

8

2

Anonymous

9

2

Anonymous

As well as the list of changes, we drew another class diagram, the way we did for V1, in order to picture easily the new format.

10

2

Anonymous

11

2

Anonymous

|_.Evolution|_.Class|_.Field|_. Type   |

12

2

Anonymous

|/2. Identifier la date de début et de fin d'un événement (scan, propagation de vers, etc.) ou une durée | StartTime     |   Date | Date|

13

2

Anonymous

                                                                                                         | EndTime       |   Date | Date|

14

2

Anonymous

|Champs pour identifer le protocole de transport (TCP, UDP) indépendamment du protocole applicatif       | Service       | transport_protocol |ATP

15

2

Anonymous

CUDP

16

2

Anonymous

DCCP

17

2

Anonymous

FCP

18

2

Anonymous

IL

19

2

Anonymous

MPTCP

20

2

Anonymous

RDP

21

2

Anonymous

RUDP

22

2

Anonymous

SCTP

23

2

Anonymous

SPX

24

2

Anonymous

SST

25

2

Anonymous

TCP

26

2

Anonymous

UDP

27

2

Anonymous

UDP Lite

28

2

Anonymous

µTP|

29

2

Anonymous

|Gérer les adresses et les ports translatés.| Address | translation |no_translation

30

2

Anonymous

pre_trabslation

31

2

Anonymous

post_translation|

32

2

Anonymous

|/3.Attachement du log originel (plus specifique que Additional Data)|/3.Classification->Origin|origin|log_analysis

33

2

Anonymous

sensor|

34

2

Anonymous

|signature|String|

35

2

Anonymous

|log|String|

36

2

Anonymous

|Compteur d'occurrence des événements qui sont agrégés dans une alerte|Origin|counter|Integer|

37

2

Anonymous

|Champs pour identifier le thread|Process| TID|Integer|

38

2

Anonymous

|/2.Distinguer la sévérité d'une attaque, la vulnérabilité probable de la cible, la criticité de la cible et la priorité finale de l'alerte|/2.Impact|target_vulnerability|Enum|

39

2

Anonymous

|target_criticity|Enum|

40

2

Anonymous

|Supprimer les OverflowAlerts|\3{background:#e99b9b}.OverflowAlerts|

41

2

Anonymous

|Ajouter un champs pour identifier la catégorie d'un hôte|Node|type|Enum à travailler|

42

2

Anonymous

|/6.Gestion explicite des données de géolocalisation (longitude, lattitude, ville pays)|/5.Node->Location|latitude|float|

43

2

Anonymous

|longitude|float|

44

2

Anonymous

|city|String|

45

2

Anonymous

|country|String|

46

2

Anonymous

|state|String|

47

2

Anonymous

|{background:#e99b9b}.Node|\2{background:#e99b9b}.Location|

48

2

Anonymous

|/4.Compléter la classe WebService|WebService->WebServiceHeaderParams/2.|parameter|host

49

2

Anonymous

referer

50

2

Anonymous

user-agent

51

2

Anonymous

server

52

2

Anonymous

cookie

53

2

Anonymous

http-method

54

2

Anonymous

other|

55

2

Anonymous

|value|String|

56

2

Anonymous

|/2.WebService->WebServiceParams|parameter|String|

57

2

Anonymous

|value|String|

58

2

Anonymous

|/16.Ajouter des sous-classes à la classe Service|/4.Service->LDAPService|url|String|

59

2

Anonymous

|operation|start_tls

60

2

Anonymous

bind

61

2

Anonymous

search

62

2

Anonymous

compare

63

2

Anonymous

add

64

2

Anonymous

delete

65

2

Anonymous

modify

66

2

Anonymous

modify_dn

67

2

Anonymous

abandon

68

2

Anonymous

extended-operation

69

2

Anonymous

unbind

70

2

Anonymous

other|

71

2

Anonymous

|ext-operation|String|

72

2

Anonymous

|dn|String|

73

2

Anonymous

|/2.LDAPService->LDAPServiceParams|parameter|scope

74

2

Anonymous

filter

75

2

Anonymous

deref_aliases

76

2

Anonymous

attribute

77

2

Anonymous

sizelimit

78

2

Anonymous

timelimit

79

2

Anonymous

sizeonly

80

2

Anonymous

ext-type|

81

2

Anonymous

|ext-type|String|

82

2

Anonymous

|/4.Service->SIPService|uri|String|

83

2

Anonymous

|request|INVITE

84

2

Anonymous

ACK

85

2

Anonymous

BYE

86

2

Anonymous

CANCEL

87

2

Anonymous

OPTIONS

88

2

Anonymous

REGISTER

89

2

Anonymous

PRACK

90

2

Anonymous

SUBSCRIBE

91

2

Anonymous

NOTIFY

92

2

Anonymous

PUBLISH

93

2

Anonymous

INFO

94

2

Anonymous

referer

95

2

Anonymous

MESSAGE

96

2

Anonymous

UPDATE

97

2

Anonymous

other|

98

2

Anonymous

|ext-request|String|

99

2

Anonymous

|response|integer|

100

2

Anonymous

|/2.SIPService->HeaderSIPService|parameter|Enum|

101

2

Anonymous

|value|String|

102

2

Anonymous

|/4.Service->SMTPService|messsageid|String|

103

2

Anonymous

|user-agent|String|

104

2

Anonymous

|subject|String|

105

2

Anonymous

|references|String|

Project

General

Profile

IDMEFV2 » History » Version 2

-Gilles Lehmann
+h1. IDMEFV2
 Anonymous
-Anonymous
+One of SECEF's projects was to build a new IDMEF structure, that referred to as IDMEF V2.
 Anonymous
-Anonymous
+Here are listed the changes we've made from V1 to V2.
 Anonymous
-Anonymous
+All of these changes were first discussed during meetings or on the forum.
 Anonymous
-Anonymous
+As well as the list of changes, we drew another class diagram, the way we did for V1, in order to picture easily the new format.
 Anonymous
-Anonymous
+|_.Evolution|_.Class|_.Field|_. Type   |
-Anonymous
+|/2. Identifier la date de début et de fin d'un événement (scan, propagation de vers, etc.) ou une durée | StartTime     |   Date | Date|
-Anonymous
+                                                                                                         | EndTime       |   Date | Date|
-Anonymous
+|Champs pour identifer le protocole de transport (TCP, UDP) indépendamment du protocole applicatif       | Service       | transport_protocol |ATP
-Anonymous
+CUDP
-Anonymous
+DCCP
-Anonymous
+FCP
-Anonymous
+IL
-Anonymous
+MPTCP
-Anonymous
+RDP
-Anonymous
+RUDP
-Anonymous
+SCTP
-Anonymous
+SPX
-Anonymous
+SST
-Anonymous
+TCP
-Anonymous
+UDP
-Anonymous
+UDP Lite
-Anonymous
+µTP|
-Anonymous
+|Gérer les adresses et les ports translatés.| Address | translation |no_translation
-Anonymous
+pre_trabslation
-Anonymous
+post_translation|
-Anonymous
+|/3.Attachement du log originel (plus specifique que Additional Data)|/3.Classification->Origin|origin|log_analysis
-Anonymous
+sensor|
-Anonymous
+|signature|String|
-Anonymous
+|log|String|
-Anonymous
+|Compteur d'occurrence des événements qui sont agrégés dans une alerte|Origin|counter|Integer|
-Anonymous
+|Champs pour identifier le thread|Process| TID|Integer|
-Anonymous
+|/2.Distinguer la sévérité d'une attaque, la vulnérabilité probable de la cible, la criticité de la cible et la priorité finale de l'alerte|/2.Impact|target_vulnerability|Enum|
-Anonymous
+|target_criticity|Enum|
-Anonymous
+|Supprimer les OverflowAlerts|\3{background:#e99b9b}.OverflowAlerts|
-Anonymous
+|Ajouter un champs pour identifier la catégorie d'un hôte|Node|type|Enum à travailler|
-Anonymous
+|/6.Gestion explicite des données de géolocalisation (longitude, lattitude, ville pays)|/5.Node->Location|latitude|float|
-Anonymous
+|longitude|float|
-Anonymous
+|city|String|
-Anonymous
+|country|String|
-Anonymous
+|state|String|
-Anonymous
+|{background:#e99b9b}.Node|\2{background:#e99b9b}.Location|
-Anonymous
+|/4.Compléter la classe WebService|WebService->WebServiceHeaderParams/2.|parameter|host
-Anonymous
+referer
-Anonymous
+user-agent
-Anonymous
+server
-Anonymous
+cookie
-Anonymous
+http-method
-Anonymous
+other|
-Anonymous
+|value|String|
-Anonymous
+|/2.WebService->WebServiceParams|parameter|String|
-Anonymous
+|value|String|
-Anonymous
+|/16.Ajouter des sous-classes à la classe Service|/4.Service->LDAPService|url|String|
-Anonymous
+|operation|start_tls
-Anonymous
+bind
-Anonymous
+search
-Anonymous
+compare
-Anonymous
+add
-Anonymous
+delete
-Anonymous
+modify
-Anonymous
+modify_dn
-Anonymous
+abandon
-Anonymous
+extended-operation
-Anonymous
+unbind
-Anonymous
+other|
-Anonymous
+|ext-operation|String|
-Anonymous
+|dn|String|
-Anonymous
+|/2.LDAPService->LDAPServiceParams|parameter|scope
-Anonymous
+filter
-Anonymous
+deref_aliases
-Anonymous
+attribute
-Anonymous
+sizelimit
-Anonymous
+timelimit
-Anonymous
+sizeonly
-Anonymous
+ext-type|
-Anonymous
+|ext-type|String|
-Anonymous
+|/4.Service->SIPService|uri|String|
-Anonymous
+|request|INVITE
-Anonymous
+ACK
-Anonymous
+BYE
-Anonymous
+CANCEL
-Anonymous
+OPTIONS
-Anonymous
+REGISTER
-Anonymous
+PRACK
-Anonymous
+SUBSCRIBE
-Anonymous
+NOTIFY
-Anonymous
+PUBLISH
-Anonymous
+INFO
-Anonymous
+referer
-Anonymous
+MESSAGE
-Anonymous
+UPDATE
-Anonymous
+other|
-Anonymous
+|ext-request|String|
-Anonymous
+|response|integer|
-Anonymous
+|/2.SIPService->HeaderSIPService|parameter|Enum|
-Anonymous
+|value|String|
-Anonymous
+|/4.Service->SMTPService|messsageid|String|
-Anonymous
+|user-agent|String|
-Anonymous
+|subject|String|
-Anonymous
+|references|String|