Incident Object Description and Exchange Format

Slides:



Advertisements
Similar presentations
© 2006 NEC Corporation - Confidential age 1 November SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.
Advertisements

CERT.at Team Update TF-CSIRT Jan 2013, Lisbon L. Aaron Kaplan.
Clearinghouse for Incident Handling Tools TF-CSIRT Seminar January 18, 2001 Barcelona Yuri Demchenko.
Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.
IODEF datamodel update. Stability of the datamodel Datamodel stable since Feb 2003 interim meeting Draft stable since publication March 31st.
Academic and Research Network of Slovenia 1 The CSIRT initiative Gorazd Božič ARNES SI-CERT, Jamova 39, Ljubljana, Slovenia NATO.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.
INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.
INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.
Collaborative Intrusion Detection and Response. Limitations of Monolithic ID Single point of failure Limited access to data sources Only one perspective.
Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00
Security Guide for Interconnecting Information Technology Systems
TERENA News Update TERENA User Services related Activity IETF50, Minneapolis IETF User Services WG Yuri Demchenko, TERENA
Method of Converting Resource definitions into XSD Group Name: WG3 (PRO) Source: Shingo Fujimoto, FUJITSU, Meeting Date:
EGEE is a project funded by the European Union under contract IST JRA3 - Incident Response General Issues Yuri Demchenko MWSG2 June 16, 2004.
MWSG3 August 25, 2004 JRA3 - Incident Response Issues to decide on and next steps Yuri Demchenko EGEE is a project.
EGEE is a project funded by the European Union under contract IST Standards and Practices in Operational Security Yuri Demchenko, AIRG UvA.
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.
TechSec WG: Related activities overview and Fonkey Project update TechSec WG, RIPE-46 September 3, 2003 Yuri Demchenko.
Setting up a Grid-CERT Experiences of an academic CSIRT TERENA Networking Conference May, Lyngby, Denmark Klaus Möller DFN-CERT Services GmbH.
IODEF Design principles and IODEF Data Model Overview IODEF Data Model and XML DTD pre-draft Version 0.03 TERENA IODEF WG Yuri Demchenko.
Incident Object Description and Exchange Format TF-CSIRT at TERENA IODEF Editorial Group Jimmy Arvidsson Andrew Cormack Yuri Demchenko Jan Meijer.
© 2012 The MITRE Corporation. All rights reserved. For internal MITRE use 13 June 2013 Meeting #3 hData Record Format Taskforce 1 © 2012 The MITRE Corporation.
IODEF Incident Data Exchange Format Rhodes, 8 June 2004 Jan Meijer.
IODEF and Extended Incident Handling Framework TF-CSIRT Seminar May 31, 2001 Ljubljana.
United Nations Statistics Division Registry of national Classifications.
Incident Object Description and Exchange Format
Relations between IODEF and IDMEF Based on IDMEF XML DTD and Data Model Analysis TERENA ITDWG IODEF Editorial Group Yuri Demchenko.
IETF63 - enum WG1 ENUM validation architecture & friends Alex Mayrhofer enum.at / 3.4.e164.arpa Bernie Höneisen SWITCH.
EGEE is a project funded by the European Union under contract IST Grid Security Incident definition and format Yuri Demchenko, AIRG UvA JSG.
Common Alerting Protocol (CAP) v. 1.0 Emergency Management Technical Committee.
ITEM #1 reference to retrieval and archiving is removed.
Fonkey Project Update: Target Applications TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Optimising XML Schema for IODEF Data model INCH WG, IETF57 July 16, 2003 Yuri Demchenko.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Relations between IODEF and IDMEF Based on IDMEF XML DTD and Data Model Analysis TERENA ITDWG IODEF Editorial Group Yuri Demchenko.
Interface to the Routing System (IRS) BOF IETF 85, Atlanta November 2012.
12/03/2016Claudio Allocchio GN2-JRA2 WI3 Pilot project for Security Incident Handling Claudio Allocchio.
S. Ali, K. Cartwright, D. Guyton, A. Mayrhofer, J-F. Mulé Data for Reachability of Inter/tra-NetworK SIP (drinks) DRINKS WG draft-mule-drinks-proto-02.
Traceroute Storage Format and Metrics draft-niccolini-ippm-storetraceroutes-03 Saverio Niccolini, Sandra Tartarelli, Juergen Quittek Network Laboratories,
INCident Handling BOF (INCH) Thursday, March IETF 53.
IDS Intrusion Detection Systems CERT definition: A combination of hardware and software that monitors and collects system and network information and analyzes.
© Cloud Security Alliance, 2015 March 2, Agenda © Cloud Security Alliance, 2015 The SecaaS Working Group Recent Activity Charter Category outline/templates.
1  Carnegie Mellon University Overview of the CERT/CC and the Survivable Systems Initiative Andrew P. Moore CERT Coordination Center.
GGF - © Birds of a Feather - Policy Architecture Working Group.
Establish the NIEM Health Domain by focusing on high value data exchanges that can be modeled within NIEM in the context of the existing NIEM framework.
Stephen Banghart Dave Waltermire
Building Global CSIRT Capabilities Barbara Laswell, Ph. D
Summary Report Project Name: Model-Driven Health Tools (MDHT)
SNOMED CT Education SIG: Strategic Plan Review
INCH Requirements Glenn Mansfield Keeni Cyber Solutions Inc
LCG/EGEE Incident Response Planning
The Forum of Incident Response and Security Teams (FIRST)
SACM Virtual Interim Meeting
CONEX BoF.
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
IETF Liaison Report November 2004 Dorothy Stanley – Agere Systems
Limiting Uncertainty in Intrusion Response
2nd TF-LSD meeting, Amsterdam, 2. February 2001
WG Environmental Expenditure Statistics
Protocol Deviation Handling
X-DIS/XBRL Phase 2 Kick-Off
Context Methodology SC
Computer Security Cooperation in Europe
The Forum of Incident Response and Security Teams (FIRST)
Web-based Imaging Management Service WIMS Working Group
The ESS quality reporting implementation process
Incident Object Description and Exchange Format
Presentation transcript:

Incident Object Description and Exchange Format TF-CSIRT Seminar January 18, 2001 Barcelona

Incident object Description and Exchange Format Agenda TF-CSIRT Incident Taxonomy and Description WG work process IODEF presentation at IETF49 IDWG meeting IODEF and IDEF relations document – to be presented to IDWG IODEF related Terminology by Jimmy Arvidsson In context of revision of the IODEF Requirements I-Draft IODEF XML DTD vs IODEF XML Schema Discussion and call for contribution ITDWG charter update by Jan Meijer ©Jan. 18, 2001. TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

ITDWG work process Contribution is welcome! ITDWG webpage and charter http://www.terena.nl/task-forces/tf-csirt/i-taxonomy/ IODEF Documents IODEF Requirements draft-…-00.txt IODEF Data Model - TBD IODEF XML DTD or IODEF XML Schema - TBD IODEF Editorial Group Jimmy Arvidsson, Telia CERT Andrew Cormack, CERT UKERNA Yuri Demchenko, TERENA Jan Meijer, CERT-NL Contribution is welcome! ©Jan. 18, 2001. TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

IODEF/ITDWG and IDEF/IDWG Relations IODEF presentation at IETF49 IDWG meeting IODEF and IDEF relations document – to be presented to IDWG IDEF to IODEF mapping (to be drafted) Look at Vulnerability Reports Contact Symantec (and CERT/CC?) ©Jan. 18, 2001. TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

IDWG Scope and IDEF Documents IDEF is for Intrusion Detection Systems Main actors - IDS Root element – Alert Short life history Data collected automatically Currently on the IETF IDWG std process IDEF Requirements draft-…-04.txt IDEF Data Model IDEF XML DTD IDEF ANS.1 MIBII format Intrusion Alert Protocol (IAP) Design Team and Pilot implementations of XML and MIBII based IDEF ©Jan. 18, 2001. TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

Main IODEF actors are CSIRTs – not IDS IODEF purposes A uniform incident classification enables applications such as: uniform statistic generation and exchange, for both domestic use and exchange of data between teams. Over time a distributed incident statistics infrastructure can evolve trend-analyses for reoccurrence of incidents, victims, attackers, etc. trend-analyses for relations between scans and attacks and thus begin working on pro-active incident response uniform internal incident storage incident handling between teams made easier (only one team needs to classify and analyze the complete incident, the other team can re-use this data) uniform incident reporting by victims to CSIRTs Main IODEF actors are CSIRTs – not IDS ©Jan. 18, 2001. TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

IODEF XML DTD vs IODEF XML Schema Discussion and call for contribution Need expertise in XML DTD/Schema ©Jan. 18, 2001. TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.