%% You should probably cite rfc8274 instead of this I-D. @techreport{ietf-mile-iodef-guidance-11, number = {draft-ietf-mile-iodef-guidance-11}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-mile-iodef-guidance/11/}, author = {Panos Kampanakis and Mio Suzuki}, title = {{Incident Object Description Exchange Format Usage Guidance}}, pagetotal = 33, year = 2017, month = sep, day = 7, abstract = {The Incident Object Description Exchange Format (IODEF) v2 (RFC7970) defines a data representation that provides a framework for sharing information about computer security incidents commonly exchanged by Computer Security Incident Response Teams (CSIRTs) . Since the IODEF model includes a wealth of available options that can be used to describe a security incident or issue, it can be challenging for security practitioners to develop tools that leverage IODEF for incident sharing. This document provides guidelines for IODEF implementers. It addresses how common security indicators can be represented in IODEF and use-cases of how IODEF is being used. This document aims to make IODEF's adoption by vendors easier and encourage faster and wider adoption of the model by CSIRTs around the world.}, }