The Intrusion Detection Message Exchange Format
RFC 4765, “The Intrusion Detection Message Exchange Format”, is an Experimental document published in March 2007 by H. Debar, D. Curry, and B. Feinstein. The canonical text is published by the RFC Editor.
Abstract
The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to the management systems that may need to interact with them.
This document describes a data model to represent information exported by intrusion detection systems and explains the rationale for using this model. An implementation of the data model in the Extensible Markup Language (XML) is presented, an XML Document Type Definition is developed, and examples are provided. This memo defines an Experimental Protocol for the Internet community.
What “Experimental” means
An Experimental RFC describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 4765 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 4764 The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol Method
- RFC 4766 Intrusion Detection Message Exchange Requirements
- RFC 4767 The Intrusion Detection Exchange Protocol
- RFC 4762 Virtual Private LAN Service Using Label Distribution Protocol Signaling
- RFC 4761 Virtual Private LAN Service Using BGP for Auto-Discovery and Signaling
- RFC 4760 Multiprotocol Extensions for BGP-4
- RFC 4770 vCard Extensions for Instant Messaging
- RFC 4771 Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol