Vérène Houdebine, 11/04/2015 10:48 PM

Translated addresses and ports

Aim :

Offer a way to identify translated addresses and ports.

Description :

Most formats offer a way to specify whether a given address or port is pre- or post-translation. IDMEF doesn't offer this possibility because the translation process is younger than IDMEF. However, since translation has become common practice, it appears absolutely necessary to include this information in the format.

GH : We could use Address.category

Meetings :

30/10/2015 Meeting : This information is necessary. In order to avoid adding too many fields, we could use the category field of the Address class and update the related dictionary.