The Incident Object Description Exchange Format
RFC 5070
Document | Type | RFC - Proposed Standard (December 2007; Errata); Obsoleted by RFC 7970; Updated by RFC 6685; Was draft-ietf-inch-iodef (inch WG) |
---|---|---|
 | Authors | Jan Meijer, Roman Danyliw, Yuri Demchenko |
 | Last updated | 2015-10-14 |
 | Stream | IETF |
 | Formats | plain text, html, pdf, htmlized, bibtex |
 | Reviews | |
Stream | WG state | (None) |
 | Document shepherd | No shepherd assigned |
IESG | IESG state | RFC 5070 (Proposed Standard) |
 | Consensus Boilerplate | Unknown |
 | Telechat date | |
 | Responsible AD | Sam Hartman |
 | Send notices to | (None) |
Network Working Group
Request for Comments: 5070
Category: Standards Track
R. Danyliw (CERT), J. Meijer (UNINETT), Y. Demchenko (University of Amsterdam)
December 2007

The Incident Object Description Exchange Format

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

The Incident Object Description Exchange Format (IODEF) defines a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents. This document describes the information model for the IODEF and provides an associated data model specified with XML Schema.

Table of Contents

1. Introduction
   1.1. Terminology
   1.2. Notations
   1.3. About the IODEF Data Model
   1.4. About the IODEF Implementation
2. IODEF Data Types
   2.1. Integers
   2.2. Real Numbers
   2.3. Characters and Strings
   2.4. Multilingual Strings
   2.5. Bytes
   2.6. Hexadecimal Bytes
   2.7. Enumerated Types
   2.8. Date-Time Strings
   2.9. Timezone String
   2.10. Port Lists
   2.11. Postal Address
   2.12. Person or Organization
   2.13. Telephone and Fax Numbers
   2.14. Email String
   2.15. Uniform Resource Locator strings
3. The IODEF Data Model
   3.1. IODEF-Document Class
   3.2. Incident Class
   3.3. IncidentID Class
   3.4. AlternativeID Class
   3.5. RelatedActivity Class
   3.6. AdditionalData Class
   3.7. Contact Class
      3.7.1. RegistryHandle Class
      3.7.2. PostalAddress Class
      3.7.3. Email Class
      3.7.4. Telephone and Fax Classes
   3.8. Time Classes
      3.8.1. StartTime
      3.8.2. EndTime
      3.8.3. DetectTime
      3.8.4. ReportTime
      3.8.5. DateTime
   3.9. Method Class
      3.9.1. Reference Class
   3.10. Assessment Class
      3.10.1. Impact Class
      3.10.2. TimeImpact Class
      3.10.3. MonetaryImpact Class
      3.10.4. Confidence Class
   3.11. History Class
      3.11.1. HistoryItem Class