Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incident Object Description and Exchange Format

Published byKristian Jordan Modified over 6 years ago

Similar presentations

Presentation on theme: "Incident Object Description and Exchange Format"— Presentation transcript:

1 Incident Object Description and Exchange Format
TF-CSIRT Seminar January 18, 2001 Barcelona

2 Incident object Description and Exchange Format
Agenda TF-CSIRT Incident Taxonomy and Description WG work process IODEF presentation at IETF49 IDWG meeting IODEF and IDEF relations document – to be presented to IDWG IODEF related Terminology by Jimmy Arvidsson In context of revision of the IODEF Requirements I-Draft IODEF XML DTD vs IODEF XML Schema Discussion and call for contribution ITDWG charter update by Jan Meijer ©Jan. 18, TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

3 ITDWG work process Contribution is welcome! ITDWG webpage and charter
IODEF Documents IODEF Requirements draft-…-00.txt IODEF Data Model - TBD IODEF XML DTD or IODEF XML Schema - TBD IODEF Editorial Group Jimmy Arvidsson, Telia CERT Andrew Cormack, CERT UKERNA Yuri Demchenko, TERENA Jan Meijer, CERT-NL Contribution is welcome! ©Jan. 18, TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

4 IODEF/ITDWG and IDEF/IDWG Relations
IODEF presentation at IETF49 IDWG meeting IODEF and IDEF relations document – to be presented to IDWG IDEF to IODEF mapping (to be drafted) Look at Vulnerability Reports Contact Symantec (and CERT/CC?) ©Jan. 18, TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

5 IDWG Scope and IDEF Documents
IDEF is for Intrusion Detection Systems Main actors - IDS Root element – Alert Short life history Data collected automatically Currently on the IETF IDWG std process IDEF Requirements draft-…-04.txt IDEF Data Model IDEF XML DTD IDEF ANS.1 MIBII format Intrusion Alert Protocol (IAP) Design Team and Pilot implementations of XML and MIBII based IDEF ©Jan. 18, TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

6 Main IODEF actors are CSIRTs – not IDS
IODEF purposes A uniform incident classification enables applications such as: uniform statistic generation and exchange, for both domestic use and exchange of data between teams. Over time a distributed incident statistics infrastructure can evolve trend-analyses for reoccurrence of incidents, victims, attackers, etc. trend-analyses for relations between scans and attacks and thus begin working on pro-active incident response uniform internal incident storage incident handling between teams made easier (only one team needs to classify and analyze the complete incident, the other team can re-use this data) uniform incident reporting by victims to CSIRTs Main IODEF actors are CSIRTs – not IDS ©Jan. 18, TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

7 IODEF XML DTD vs IODEF XML Schema
Discussion and call for contribution Need expertise in XML DTD/Schema ©Jan. 18, TF-CSIRT Seminar, Barcelona. Incident object Description and Exchange Format

Download ppt "Incident Object Description and Exchange Format"

Similar presentations

© 2006 NEC Corporation - Confidential age 1 November 2008 - 1 SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.

© 2006 NEC Corporation - Confidential age 1 November SPEERMINT Security Threats and Suggested Countermeasures draft-ietf-speermint-voipthreats-01.
CERT.at Team Update TF-CSIRT Jan 2013, Lisbon L. Aaron Kaplan.

CERT.at Team Update TF-CSIRT Jan 2013, Lisbon L. Aaron Kaplan.
Clearinghouse for Incident Handling Tools TF-CSIRT Seminar January 18, 2001 Barcelona Yuri Demchenko.

Clearinghouse for Incident Handling Tools TF-CSIRT Seminar January 18, 2001 Barcelona Yuri Demchenko.
Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.

Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.
IODEF datamodel update. Stability of the datamodel Datamodel stable since Feb 2003 interim meeting Draft stable since publication March 31st.

IODEF datamodel update. Stability of the datamodel Datamodel stable since Feb 2003 interim meeting Draft stable since publication March 31st.
Academic and Research Network of Slovenia 1 The CSIRT initiative Gorazd Božič ARNES SI-CERT, Jamova 39, Ljubljana, Slovenia NATO.

Academic and Research Network of Slovenia 1 The CSIRT initiative Gorazd Božič ARNES SI-CERT, Jamova 39, Ljubljana, Slovenia NATO.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.

Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.
INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.

INCH Requirements (2) IETF INCH-WG, March.2003 Glenn M. Keeni/Yuri Demchenko.
INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.

INCH Requirements IETF Interim meeting, Uppsala, Feb.2003.
Collaborative Intrusion Detection and Response. Limitations of Monolithic ID Single point of failure Limited access to data sources Only one perspective.

Collaborative Intrusion Detection and Response. Limitations of Monolithic ID Single point of failure Limited access to data sources Only one perspective.
Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00

Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00
Security Guide for Interconnecting Information Technology Systems

Security Guide for Interconnecting Information Technology Systems
TERENA News Update TERENA User Services related Activity IETF50, Minneapolis IETF User Services WG Yuri Demchenko, TERENA

TERENA News Update TERENA User Services related Activity IETF50, Minneapolis IETF User Services WG Yuri Demchenko, TERENA
Method of Converting Resource definitions into XSD Group Name: WG3 (PRO) Source: Shingo Fujimoto, FUJITSU, Meeting Date:

Method of Converting Resource definitions into XSD Group Name: WG3 (PRO) Source: Shingo Fujimoto, FUJITSU, Meeting Date:
EGEE is a project funded by the European Union under contract IST-2003-508833 JRA3 - Incident Response General Issues Yuri Demchenko MWSG2 June 16, 2004.

EGEE is a project funded by the European Union under contract IST JRA3 - Incident Response General Issues Yuri Demchenko MWSG2 June 16, 2004.
MWSG3 August 25, 2004 JRA3 - Incident Response Issues to decide on and next steps Yuri Demchenko www.eu-egee.org EGEE is a project.

MWSG3 August 25, 2004 JRA3 - Incident Response Issues to decide on and next steps Yuri Demchenko EGEE is a project.
EGEE is a project funded by the European Union under contract IST-2003-508833 Standards and Practices in Operational Security Yuri Demchenko, AIRG UvA.

EGEE is a project funded by the European Union under contract IST Standards and Practices in Operational Security Yuri Demchenko, AIRG UvA.
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

Similar presentations

Ads by Google