IDMEF vs IODEF: (1)

1. Reuse (confirmed) IDMEF to generate in a simplest way IncidentAlert (message)?

Possible format for IODEF IncidentAlert:

• Some Data

• Authority created IO

• AdditionalData containing IDMEF

To Be Considered.

Ask IDWG about lifetime of IDMEF: What happen with confirmed Intrusion?

Previous slide

Next slide

Back to first slide

View graphic version