datatracker.ietf.org
Sign in
Version 5.6.2.p3, 2014-07-31
Report a bug

The Incident Object Description Exchange Format
RFC 5070

Document type: RFC - Proposed Standard (December 2007; Errata)
Updated by RFC 6685
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5070 (Proposed Standard)
Responsible AD: Sam Hartman
Send notices to: <rdd@cert.org>

Network Working Group                                         R. Danyliw
Request for Comments: 5070                                          CERT
Category: Standards Track                                      J. Meijer
                                                                 UNINETT
                                                            Y. Demchenko
                                                 University of Amsterdam
                                                           December 2007

            The Incident Object Description Exchange Format

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   The Incident Object Description Exchange Format (IODEF) defines a
   data representation that provides a framework for sharing information
   commonly exchanged by Computer Security Incident Response Teams
   (CSIRTs) about computer security incidents.  This document describes
   the information model for the IODEF and provides an associated data
   model specified with XML Schema.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  5
     1.2.  Notations  . . . . . . . . . . . . . . . . . . . . . . . .  5
     1.3.  About the IODEF Data Model . . . . . . . . . . . . . . . .  5
     1.4.  About the IODEF Implementation . . . . . . . . . . . . . .  6
   2.  IODEF Data Types . . . . . . . . . . . . . . . . . . . . . . .  6
     2.1.  Integers . . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.2.  Real Numbers . . . . . . . . . . . . . . . . . . . . . . .  7
     2.3.  Characters and Strings . . . . . . . . . . . . . . . . . .  7
     2.4.  Multilingual Strings . . . . . . . . . . . . . . . . . . .  7
     2.5.  Bytes  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     2.6.  Hexadecimal Bytes  . . . . . . . . . . . . . . . . . . . .  7
     2.7.  Enumerated Types . . . . . . . . . . . . . . . . . . . . .  8
     2.8.  Date-Time Strings  . . . . . . . . . . . . . . . . . . . .  8

Danyliw, et al.             Standards Track                     [Page 1]
RFC 5070                         IODEF                     December 2007

     2.9.  Timezone String  . . . . . . . . . . . . . . . . . . . . .  8
     2.10. Port Lists . . . . . . . . . . . . . . . . . . . . . . . .  8
     2.11. Postal Address . . . . . . . . . . . . . . . . . . . . . .  9
     2.12. Person or Organization . . . . . . . . . . . . . . . . . .  9
     2.13. Telephone and Fax Numbers  . . . . . . . . . . . . . . . .  9
     2.14. Email String . . . . . . . . . . . . . . . . . . . . . . .  9
     2.15. Uniform Resource Locator strings . . . . . . . . . . . . .  9
   3.  The IODEF Data Model . . . . . . . . . . . . . . . . . . . . .  9
     3.1.  IODEF-Document Class . . . . . . . . . . . . . . . . . . . 10
     3.2.  Incident Class . . . . . . . . . . . . . . . . . . . . . . 10
     3.3.  IncidentID Class . . . . . . . . . . . . . . . . . . . . . 14
     3.4.  AlternativeID Class  . . . . . . . . . . . . . . . . . . . 14
     3.5.  RelatedActivity Class  . . . . . . . . . . . . . . . . . . 15
     3.6.  AdditionalData Class . . . . . . . . . . . . . . . . . . . 16
     3.7.  Contact Class  . . . . . . . . . . . . . . . . . . . . . . 18
       3.7.1.  RegistryHandle Class . . . . . . . . . . . . . . . . . 21
       3.7.2.  PostalAddress Class  . . . . . . . . . . . . . . . . . 22
       3.7.3.  Email Class  . . . . . . . . . . . . . . . . . . . . . 22
       3.7.4.  Telephone and Fax Classes  . . . . . . . . . . . . . . 23
     3.8.  Time Classes . . . . . . . . . . . . . . . . . . . . . . . 23
       3.8.1.  StartTime  . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.2.  EndTime  . . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.3.  DetectTime . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.4.  ReportTime . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.5.  DateTime . . . . . . . . . . . . . . . . . . . . . . . 24
     3.9.  Method Class . . . . . . . . . . . . . . . . . . . . . . . 24
       3.9.1.  Reference Class  . . . . . . . . . . . . . . . . . . . 25
     3.10. Assessment Class . . . . . . . . . . . . . . . . . . . . . 25
       3.10.1. Impact Class . . . . . . . . . . . . . . . . . . . . . 27
       3.10.2. TimeImpact Class . . . . . . . . . . . . . . . . . . . 29
       3.10.3. MonetaryImpact Class . . . . . . . . . . . . . . . . . 30
       3.10.4. Confidence Class . . . . . . . . . . . . . . . . . . . 31

[include full document text]