IDMEFV2 » History » Version 3

Anonymous, 10/26/2015 04:08 PM

h1. IDMEFV2

One of SECEF's projects was to build a new IDMEF structure, referred to as IDMEF V2.

The changes made from V1 to V2 are listed below.

All of these changes were first discussed during meetings or on the forum.

Rows in red are the removed fields or classes; all the others were added.

|_.Evolution|_.Class|_.Field|_.Type|
|/2. Identify the start and end dates of an event (scan, worm propagation, etc.) or a duration|StartTime|Date|Date|
|EndTime|Date|Date|
|Field to identify the transport protocol (TCP, UDP) independently of the application protocol|Service|transport_protocol|ATP, CUDP, DCCP, FCP, IL, MPTCP, RDP, RUDP, SCTP, SPX, SST, TCP, UDP, UDP Lite, µTP|
|Handle translated addresses and ports|Address|translation|no_translation, pre_translation, post_translation|
|/3. Attach the original log (more specific than Additional Data)|/3.Classification->Origin|origin|log_analysis, sensor|
|signature|String|
|log|String|
|Counter of occurrences of the events aggregated into one alert|Origin|counter|Integer|
|Field to identify the thread|Process|TID|Integer|
|/2. Distinguish the severity of an attack, the probable vulnerability of the target, the criticality of the target and the final priority of the alert|/2.Impact|target_vulnerability|Enum|
|target_criticity|Enum|
|Remove OverflowAlerts|\3{background:#e99b9b}.OverflowAlerts|
|Add a field to identify the category of a host|Node|type|Enum (to be defined)|
|/6. Explicit handling of geolocation data (longitude, latitude, city, country)|/5.Node->Location|latitude|float|
|longitude|float|
|city|String|
|country|String|
|state|String|
|{background:#e99b9b}.Node|\2{background:#e99b9b}.Location|
|/4. Complete the WebService class|/2.WebService->WebServiceHeaderParams|parameter|host, referer, user-agent, server, cookie, http-method, other|
|value|String|
|/2.WebService->WebServiceParams|parameter|String|
|value|String|
|/16. Add sub-classes to the Service class|/4.Service->LDAPService|url|String|
|operation|start_tls, bind, search, compare, add, delete, modify, modify_dn, abandon, extended-operation, unbind, other|
|ext-operation|String|
|dn|String|
|/2.LDAPService->LDAPServiceParams|parameter|scope, filter, deref_aliases, attribute, sizelimit, timelimit, sizeonly, ext-type|
|ext-type|String|
|/4.Service->SIPService|uri|String|
|request|INVITE, ACK, BYE, CANCEL, OPTIONS, REGISTER, PRACK, SUBSCRIBE, NOTIFY, PUBLISH, INFO, referer, MESSAGE, UPDATE, other|
|ext-request|String|
|response|integer|
|/2.SIPService->HeaderSIPService|parameter|Enum|
|value|String|
|/4.Service->SMTPService|messageid|String|
|user-agent|String|
|subject|String|
|references|String|
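The table above only names the new fields and their types; a consumer of V2 alerts still has to decide what "valid" means for them. The following validator is an added example written for this page, not code from SECEF or the IDMEF project. It takes the enumerations (transport_protocol, translation, origin) and the typed fields (StartTime/EndTime, counter, TID, latitude/longitude) from the change table, but the nested-dict layout of an alert and the two sample alerts are assumptions constructed here for illustration. It flags the failure modes a correlator would otherwise silently swallow: an event window that ends before it starts, an enum value with the wrong case, a zero occurrence counter, a log_analysis origin that forgot to attach the original log, and a coordinate outside its range.

```python
"""Validator for a handful of the IDMEF V2 additions in the change table.

Added example, not SECEF/IDMEF project code. Class and field names follow
the table; the dict layout (nested by class name) and the sample alerts
are assumptions constructed for this illustration.
"""
from datetime import datetime, timezone

# Enumerations copied from the change table.
TRANSPORT_PROTOCOLS = {"ATP", "CUDP", "DCCP", "FCP", "IL", "MPTCP", "RDP", "RUDP",
                       "SCTP", "SPX", "SST", "TCP", "UDP", "UDP Lite", "µTP"}
TRANSLATIONS = {"no_translation", "pre_translation", "post_translation"}
ORIGINS = {"log_analysis", "sensor"}


def _parse_date(value):
    # ISO 8601 timestamps; a naive value is assumed to be UTC.
    dt = datetime.fromisoformat(value)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def validate_alert(alert):
    """Return the list of problems found in `alert`; an empty list means it passes."""
    problems = []

    # StartTime / EndTime: an event window must not end before it starts.
    start, end = alert.get("StartTime"), alert.get("EndTime")
    if start and end:
        try:
            if _parse_date(end) < _parse_date(start):
                problems.append("EndTime precedes StartTime")
        except ValueError as exc:
            problems.append(f"bad date: {exc}")

    # Service.transport_protocol is an enum, independent of the application protocol.
    for svc in alert.get("Service", []):
        proto = svc.get("transport_protocol")
        if proto is not None and proto not in TRANSPORT_PROTOCOLS:
            problems.append(f"unknown transport_protocol {proto!r}")

    # Address.translation: a translated address says on which side of the NAT it was seen.
    for addr in alert.get("Address", []):
        tr = addr.get("translation", "no_translation")
        if tr not in TRANSLATIONS:
            problems.append(f"unknown translation {tr!r}")

    # Classification->Origin: enum value, counter >= 1, and a log-derived alert carries its log.
    origin = alert.get("Origin")
    if origin:
        if origin.get("origin") not in ORIGINS:
            problems.append("Origin.origin must be log_analysis or sensor")
        counter = origin.get("counter", 1)
        if not isinstance(counter, int) or counter < 1:
            problems.append("Origin.counter must be a positive integer")
        if origin.get("origin") == "log_analysis" and not origin.get("log"):
            problems.append("log_analysis origin without the original log")

    # Node->Location: coordinates must be within range.
    loc = alert.get("Node", {}).get("Location")
    if loc:
        lat, lon = loc.get("latitude"), loc.get("longitude")
        if lat is not None and not -90.0 <= float(lat) <= 90.0:
            problems.append(f"latitude {lat} out of range")
        if lon is not None and not -180.0 <= float(lon) <= 180.0:
            problems.append(f"longitude {lon} out of range")

    # Process.TID is an integer.
    tid = alert.get("Process", {}).get("TID")
    if tid is not None and (not isinstance(tid, int) or tid < 0):
        problems.append("Process.TID must be a non-negative integer")

    return problems


# Constructed sample alerts (not real sensor output).
GOOD_ALERT = {
    "StartTime": "2015-10-26T14:00:00+00:00",
    "EndTime": "2015-10-26T14:08:00+00:00",
    "Service": [{"transport_protocol": "TCP"}],
    "Address": [{"address": "10.0.0.5", "translation": "pre_translation"},
                {"address": "203.0.113.7", "translation": "post_translation"}],
    "Origin": {"origin": "log_analysis", "counter": 12, "signature": "ssh-bruteforce",
               "log": "Failed password for root from 203.0.113.7 port 51022 ssh2"},
    "Node": {"Location": {"latitude": 48.85, "longitude": 2.35, "city": "Paris", "country": "FR"}},
    "Process": {"TID": 4242},
}

BAD_ALERT = {
    "StartTime": "2015-10-26T14:08:00+00:00",
    "EndTime": "2015-10-26T14:00:00+00:00",      # window ends before it starts
    "Service": [{"transport_protocol": "tcp"}],  # enum values are case-sensitive
    "Origin": {"origin": "log_analysis", "counter": 0},  # zero counter, no log attached
    "Node": {"Location": {"latitude": 95.0, "longitude": 2.35}},
}

if __name__ == "__main__":
    for name, alert in (("good", GOOD_ALERT), ("bad", BAD_ALERT)):
        print(name, validate_alert(alert) or "ok")
```

The checks are deliberately strict about enum case because the table defines fixed values; a producer that emits `tcp` would otherwise be accepted by a lenient consumer and then never match a rule written against `TCP`.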