RFC 8274

Incident Object Description Exchange Format Usage Guidance, November 2017

Status: INFORMATIONAL
Authors: P. Kampanakis, M. Suzuki
Stream: IETF
Source: mile (sec)


DOI:  https://doi.org/10.17487/RFC8274

Discuss this RFC: Send questions or comments to the mailing list mile@ietf.org



Abstract

The Incident Object Description Exchange Format (IODEF) v2 (RFC 7970) defines a data representation that provides a framework for sharing information about computer security incidents commonly exchanged by Computer Security Incident Response Teams (CSIRTs). Since the IODEF model includes a wealth of available options that can be used to describe a security incident or issue, it can be challenging for security practitioners to develop tools that leverage IODEF for incident sharing. This document provides guidelines for IODEF implementers. It addresses how common security indicators can be represented in IODEF and use cases of how IODEF is being used. This document aims to make IODEF's adoption by vendors easier and encourage faster and wider adoption of the model by CSIRTs around the world.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



