New version V01 of the IDMEFv2 IETF drafts have been published. A lot of minor changes and corrections to stabilize V00. From the next version, the work on the drafts will be open to external comments and collaborations through IDMEFv2 mailing list.
- https://datatracker.ietf.org/doc/draft-lehmann-idmefv2/
- https://datatracker.ietf.org/doc/draft-lehmann-idmefv2-https-transport/
Format Draft major modifications :
- Some cleaning in the introduction paragraphs
- Observable class removed: too cyber specialized and too little used
- Alert: CeaseTime replaced by EndTime (IODEF compatibility)
- Alert: Severity replaced by Priority (combination of Impact and Urgency)
- Alert: DeleteTime attribute removed for the moment (too little used)
- Analyzer: Model|Category|Data become “Optional” instead of “Required”
- Sensor: Geolocation added (V00 omission)
- Vector attribute: Size removed (no need for a dedicated attribute can be mentioned in Note if necessary)
- JSON Validation schema updated
- Extension mechanism added : Very important feature.
Transport Draft major modifications
- Some cleaning in the introduction paragraphs
- Examples removed (they are already in format draft)
IDMEFv2 Task Force
