The Incident Object Description Exchange Format
RFC 5070

 
Document type: RFC - Proposed Standard (December 2007; Errata)
Updated by: RFC 6685
Last updated: 2013-03-02
Stream: IETF
Formats: plain text, pdf, html
Stream WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 5070 (Proposed Standard)
Telechat date:
Responsible AD: Sam Hartman
Send notices to: <rdd@cert.org>

Network Working Group                                         R. Danyliw
Request for Comments: 5070                                          CERT
Category: Standards Track                                      J. Meijer
                                                                 UNINETT
                                                            Y. Demchenko
                                                 University of Amsterdam
                                                           December 2007

            The Incident Object Description Exchange Format

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   The Incident Object Description Exchange Format (IODEF) defines a
   data representation that provides a framework for sharing information
   commonly exchanged by Computer Security Incident Response Teams
   (CSIRTs) about computer security incidents.  This document describes
   the information model for the IODEF and provides an associated data
   model specified with XML Schema.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  5
     1.2.  Notations  . . . . . . . . . . . . . . . . . . . . . . . .  5
     1.3.  About the IODEF Data Model . . . . . . . . . . . . . . . .  5
     1.4.  About the IODEF Implementation . . . . . . . . . . . . . .  6
   2.  IODEF Data Types . . . . . . . . . . . . . . . . . . . . . . .  6
     2.1.  Integers . . . . . . . . . . . . . . . . . . . . . . . . .  6
     2.2.  Real Numbers . . . . . . . . . . . . . . . . . . . . . . .  7
     2.3.  Characters and Strings . . . . . . . . . . . . . . . . . .  7
     2.4.  Multilingual Strings . . . . . . . . . . . . . . . . . . .  7
     2.5.  Bytes  . . . . . . . . . . . . . . . . . . . . . . . . . .  7
     2.6.  Hexadecimal Bytes  . . . . . . . . . . . . . . . . . . . .  7
     2.7.  Enumerated Types . . . . . . . . . . . . . . . . . . . . .  8
     2.8.  Date-Time Strings  . . . . . . . . . . . . . . . . . . . .  8

Danyliw, et al.             Standards Track                     [Page 1]
RFC 5070                         IODEF                     December 2007

     2.9.  Timezone String  . . . . . . . . . . . . . . . . . . . . .  8
     2.10. Port Lists . . . . . . . . . . . . . . . . . . . . . . . .  8
     2.11. Postal Address . . . . . . . . . . . . . . . . . . . . . .  9
     2.12. Person or Organization . . . . . . . . . . . . . . . . . .  9
     2.13. Telephone and Fax Numbers  . . . . . . . . . . . . . . . .  9
     2.14. Email String . . . . . . . . . . . . . . . . . . . . . . .  9
     2.15. Uniform Resource Locator strings . . . . . . . . . . . . .  9
   3.  The IODEF Data Model . . . . . . . . . . . . . . . . . . . . .  9
     3.1.  IODEF-Document Class . . . . . . . . . . . . . . . . . . . 10
     3.2.  Incident Class . . . . . . . . . . . . . . . . . . . . . . 10
     3.3.  IncidentID Class . . . . . . . . . . . . . . . . . . . . . 14
     3.4.  AlternativeID Class  . . . . . . . . . . . . . . . . . . . 14
     3.5.  RelatedActivity Class  . . . . . . . . . . . . . . . . . . 15
     3.6.  AdditionalData Class . . . . . . . . . . . . . . . . . . . 16
     3.7.  Contact Class  . . . . . . . . . . . . . . . . . . . . . . 18
       3.7.1.  RegistryHandle Class . . . . . . . . . . . . . . . . . 21
       3.7.2.  PostalAddress Class  . . . . . . . . . . . . . . . . . 22
       3.7.3.  Email Class  . . . . . . . . . . . . . . . . . . . . . 22
       3.7.4.  Telephone and Fax Classes  . . . . . . . . . . . . . . 23
     3.8.  Time Classes . . . . . . . . . . . . . . . . . . . . . . . 23
       3.8.1.  StartTime  . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.2.  EndTime  . . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.3.  DetectTime . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.4.  ReportTime . . . . . . . . . . . . . . . . . . . . . . 24
       3.8.5.  DateTime . . . . . . . . . . . . . . . . . . . . . . . 24
     3.9.  Method Class . . . . . . . . . . . . . . . . . . . . . . . 24
       3.9.1.  Reference Class  . . . . . . . . . . . . . . . . . . . 25
     3.10. Assessment Class . . . . . . . . . . . . . . . . . . . . . 25
       3.10.1. Impact Class . . . . . . . . . . . . . . . . . . . . . 27
       3.10.2. TimeImpact Class . . . . . . . . . . . . . . . . . . . 29
       3.10.3. MonetaryImpact Class . . . . . . . . . . . . . . . . . 30
       3.10.4. Confidence Class . . . . . . . . . . . . . . . . . . . 31