Differences between IDMEF and IODEF

• Main IODEF actors are CSIRTs – not IDS
  • CSIRT as owner of the IO
• IODEF is human (interface/interaction) oriented
  • Human readable, but machine parsable
• Incident Object has longer lifetime compare to one time use of IDMEF message
  • Incident handling (reporting, investigation, etc.)
  • Incident storage
  • Statistics and trend analysis

Previous slide

Next slide

Back to first slide

View graphic version