Real-time Inter-network Defense
IODEF (Incident Object Description Exchange Format) is a data format used to describe computer security information for the purpose of exchange between Computer Security Incident Response Teams (CSIRTs). IODEF messages are organized in a human-readable way rather than as a machine format. The format is described in RFC 5070 and updated in RFC 6685. Version 2 of the format is defined in RFC 7970, which supersedes the previous version. This RFC presents an implementation of the data model in XML as well as the associated DTD. Further implementation guidance for IODEF v2 is given in RFC 8274. One of the main characteristics of IODEF is its compatibility with IDMEF (Intrusion Detection Message Exchange Format), which was developed for intrusion detection systems. For this reason, IODEF is heavily based on IDMEF and provides backward compatibility with it.


Format

IODEF is an object-oriented structured format, composed of 47 classes in the first version. The IODEF and IDMEF formats have a lot in common: the field structure is similar to that of IDMEF, and IODEF is likewise extensible. In addition to the usual AdditionalData class, which allows adding any information relevant to the IODEF message, most enumerations are provided with an "ext" field, used when none of the proposed choices fit. Here is a list of the main fields:
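As an added illustration, not code from this page or from any of the libraries listed below, here is a small Python reader for an IODEF v1 (RFC 5070) document that flattens each Incident into a dict and applies the extension rule described above: an enumeration set to the literal "ext-value" carries its real value in the matching ext-* attribute. The sample report is constructed (id, address and ticket number are made up), and the `SRC` path and field names chosen for the dict are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"iodef": "urn:ietf:params:xml:ns:iodef-1.0"}
# Path to source addresses inside an Incident (assumed shape for this example).
SRC = ("iodef:EventData/iodef:Flow/iodef:System[@category='source']"
       "/iodef:Node/iodef:Address")

# Constructed sample report; the id, address and ticket number are made up.
SAMPLE = """<IODEF-Document version="1.00" lang="en"
    xmlns="urn:ietf:params:xml:ns:iodef-1.0">
  <Incident purpose="reporting">
    <IncidentID name="csirt.example.com">908711</IncidentID>
    <ReportTime>2006-08-02T05:54:02-05:00</ReportTime>
    <Assessment><Impact completion="failed" type="ext-value" ext-type="credential-theft"/></Assessment>
    <EventData>
      <Flow>
        <System category="source">
          <Node><Address category="ipv4-addr">192.0.2.53</Address></Node>
        </System>
      </Flow>
    </EventData>
    <AdditionalData dtype="string" meaning="ticket">RT-4711</AdditionalData>
  </Incident>
</IODEF-Document>"""


def enum_value(elem, attr):
    """RFC 5070 rule: 'ext-value' means the real value sits in ext-<attr>."""
    value = elem.get(attr)
    if value == "ext-value":
        return elem.get("ext-" + attr, "unknown")
    return value


def parse_iodef(text):
    """Return one dict per <Incident>; use a hardened parser (e.g. defusedxml) for untrusted feeds."""
    root = ET.fromstring(text)
    incidents = []
    for inc in root.findall("iodef:Incident", NS):
        iid = inc.find("iodef:IncidentID", NS)
        incidents.append({
            "id": iid.text,
            "authority": iid.get("name"),  # CSIRT that assigned the id
            "purpose": enum_value(inc, "purpose"),
            "reported": inc.findtext("iodef:ReportTime", namespaces=NS),
            "impact": [enum_value(i, "type") for i in inc.iterfind("iodef:Assessment/iodef:Impact", NS)],
            "sources": [a.text for a in inc.iterfind(SRC, NS)],
            "extra": {d.get("meaning"): d.text for d in inc.iterfind("iodef:AdditionalData", NS)},
        })
    return incidents
```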


Software using IODEF

Prelude SIEM
IODEFLIB: Python library to create, parse and edit cyber incident reports using the IODEF XML format (RFC 5070)
RT-IODEF: Perl module for translating RT tickets to IODEF messages; it also maps IODEF to RT's Custom Fields based on their description tag
Mantis IODEF Importer: an IODEF (v1.0) importer for the Mantis Cyber Threat Intelligence Management Framework
ArcSight-IODEF-Perl: a Perl module to convert ArcSight XML to a standardized IODEF message
IODEF Implementations
IODEF DBI
IODEF Pb: this library maps IODEF (RFC 5070) to the Google Protocol Buffers serialization library
XML::IODEF: a Perl module for easily creating and parsing IODEF documents
Iodef::Pb::Simple: STIX output formatter
Library for parsing IODEF in PHP


External links

* The Incident Object Description Exchange Format (IODEF)
* Expert Review for Incident Object Description Exchange Format (IODEF) Extensions in IANA XML Registry
* An Incident Object Description Exchange Format (IODEF) Extension for Structured Cybersecurity Information
* The Incident Object Description Exchange Format Version 2
* RFC 8274: Incident Object Description Exchange Format Usage Guidance