RFC 8274

Incident Object Description Exchange Format Usage Guidance, November 2017

Canonical URL:
https://www.rfc-editor.org/rfc/rfc8274.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Authors:
P. Kampanakis
M. Suzuki
Stream:
IETF
Source:
mile (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8274

Discuss this RFC: Send questions or comments to mile@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Incident Object Description Exchange Format (IODEF) v2 (RFC7970) defines a data representation that provides a framework for sharing information about computer security incidents commonly exchanged by Computer Security Incident Response Teams (CSIRTs) . Since the IODEF model includes a wealth of available options that can be used to describe a security incident or issue, it can be challenging for security practitioners to develop tools that leverage IODEF for incident sharing. This document provides guidelines for IODEF implementers. It addresses how common security indicators can be represented in IODEF and use-cases of how IODEF is being used. This document aims to make IODEF's adoption by vendors easier and encourage faster and wider adoption of the model by CSIRTs around the world.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader