Intrusion Detection Message Exchange Format

IDMEF is defined in RFC 4765 (experimental, March 2007), which specifies the data model, its implementation in XML and the associated DTD.

The requirements for this format are described in RFC 4766, and the recommended transport protocol (IDXP) is documented in RFC 4767. The purpose of IDMEF is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems and to the management systems that may need to interact with them.

IDMEF is a well-structured object-oriented format consisting of 33 classes with 108 fields, three of which are mandatory. Two types of IDMEF message can currently be created: Heartbeat and Alert. Heartbeats are sent by analyzers to indicate their status.

If no heartbeat arrives from an analyzer for several heartbeat periods, the manager should assume that the analyzer is no longer able to raise alerts.

Alerts describe an attack that has taken place. An Alert identifies the analyzer that produced it, records when it was created and classifies what was detected; it may also carry the source and target of the attack, the analyzer's assessment of its impact, and additional data. Three further alert classes inherit from this scheme: ToolAlert, OverflowAlert and CorrelationAlert. An IDMEF report of a ping-of-death attack is an XML IDMEF-Message whose Alert element names the analyzer, the creation time, the source and target addresses, and a Classification naming the attack, optionally with a Reference to an external entry such as a CVE identifier.

Many telecommunications network elements produce security alarms[1] that address intrusion detection in conformance with international standards.
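As an added example (not code from the page or from RFC 4765), the following Python parses IDMEF-Message documents into Alert and Heartbeat records, rejects messages that omit the sub-elements RFC 4765 marks as "exactly one", and applies the heartbeat rule above: an analyzer with no heartbeat for several intervals is assumed unable to alert. The sample document, the analyzer id sensor01, the message ids, the addresses (RFC 5737 documentation ranges) and the threshold of three missed periods are all constructed for this example.

```python
"""Parse IDMEF (RFC 4765) Alert and Heartbeat messages and track analyzer liveness.
Added example, not code from the page or the RFC; the sample document is constructed
for it (RFC 5737 documentation addresses, made-up analyzer and message ids)."""
from collections import namedtuple
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET  # untrusted senders: parse with defusedxml instead

IDMEF_NS = "http://iana.org/idmef"  # namespace fixed by RFC 4765
NS = {"idmef": IDMEF_NS}
Heartbeat = namedtuple("Heartbeat", "analyzerid create_time interval")  # interval in seconds
Alert = namedtuple("Alert", "analyzerid create_time classification sources targets")

def parse_time(text):
    """IDMEF dateTime is ISO 8601 with a mandatory zone; 'Z' needs rewriting for fromisoformat."""
    return datetime.fromisoformat(text.strip().replace("Z", "+00:00"))

def _text(elem, path):
    node = elem.find(path, NS)
    return node.text.strip() if node is not None and node.text else None

def _require(elem, *children):
    # RFC 4765 lists these sub-elements as "exactly one"; refuse messages that omit them
    for child in children:
        if elem.find(f"idmef:{child}", NS) is None:
            raise ValueError(f"{elem.tag.split('}')[-1]} is missing required {child}")

def _addresses(elem, role):
    # Source/Target -> Node -> Address -> address
    nodes = elem.findall(f"idmef:{role}/idmef:Node/idmef:Address", NS)
    return [a for a in (_text(n, "idmef:address") for n in nodes) if a]

def _parse_alert(a):
    _require(a, "Analyzer", "CreateTime", "Classification")
    return Alert(a.find("idmef:Analyzer", NS).get("analyzerid", "0"),  # RFC default id is "0"
                 parse_time(_text(a, "idmef:CreateTime")),
                 a.find("idmef:Classification", NS).get("text", ""),
                 _addresses(a, "Source"), _addresses(a, "Target"))

def _parse_heartbeat(h):
    _require(h, "Analyzer", "CreateTime")
    return Heartbeat(h.find("idmef:Analyzer", NS).get("analyzerid", "0"),
                     parse_time(_text(h, "idmef:CreateTime")),
                     int(_text(h, "idmef:HeartbeatInterval") or 0))  # 0 when not stated

def parse_idmef(xml_text):
    """Return the Alert and Heartbeat objects carried by one IDMEF-Message document."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{IDMEF_NS}}}IDMEF-Message" or root.get("version") != "1.0":
        raise ValueError("not an IDMEF-Message version 1.0")
    parsers = {f"{{{IDMEF_NS}}}Alert": _parse_alert, f"{{{IDMEF_NS}}}Heartbeat": _parse_heartbeat}
    out = []
    for msg in root:
        if msg.tag not in parsers:
            raise ValueError(f"unexpected element {msg.tag}")
        out.append(parsers[msg.tag](msg))
    return out

class AnalyzerMonitor:
    """Keep the newest heartbeat per analyzer; report analyzers that have gone quiet."""
    def __init__(self, missed_periods=3):  # threshold chosen for this example
        self.missed_periods = missed_periods
        self.latest = {}  # analyzerid -> Heartbeat
    def observe(self, hb):
        prev = self.latest.get(hb.analyzerid)
        if prev is None or hb.create_time > prev.create_time:  # drop late or replayed heartbeats
            self.latest[hb.analyzerid] = hb
    def silent(self, now):
        """Analyzers assumed unable to raise alerts: no heartbeat for missed_periods intervals."""
        return sorted(aid for aid, hb in self.latest.items() if hb.interval
                      and now - hb.create_time > timedelta(seconds=hb.interval * self.missed_periods))

# Constructed sample: one heartbeat followed by a ping-of-death alert from the same analyzer.
SAMPLE = """<idmef:IDMEF-Message version="1.0" xmlns:idmef="http://iana.org/idmef">
  <idmef:Heartbeat messageid="hb-0001">
    <idmef:Analyzer analyzerid="sensor01" model="example-nids"/>
    <idmef:CreateTime>2024-05-01T10:00:00Z</idmef:CreateTime>
    <idmef:HeartbeatInterval>60</idmef:HeartbeatInterval>
  </idmef:Heartbeat>
  <idmef:Alert messageid="alert-0001">
    <idmef:Analyzer analyzerid="sensor01" model="example-nids"/>
    <idmef:CreateTime>2024-05-01T10:01:25Z</idmef:CreateTime>
    <idmef:Source spoofed="unknown"><idmef:Node><idmef:Address category="ipv4-addr">
      <idmef:address>192.0.2.50</idmef:address></idmef:Address></idmef:Node></idmef:Source>
    <idmef:Target><idmef:Node><idmef:Address category="ipv4-addr">
      <idmef:address>198.51.100.7</idmef:address></idmef:Address></idmef:Node></idmef:Target>
    <idmef:Classification text="Ping of death detected"/>
    <idmef:Assessment><idmef:Impact severity="high" type="dos"/></idmef:Assessment>
  </idmef:Alert>
</idmef:IDMEF-Message>"""

def triage(xml_text, now):
    """Parse one document; return (alerts, analyzer ids silent as of `now`)."""
    monitor, alerts = AnalyzerMonitor(), []
    for msg in parse_idmef(xml_text):
        if isinstance(msg, Heartbeat):
            monitor.observe(msg)
        else:
            alerts.append(msg)
    return alerts, monitor.silent(now)
```

Run `triage(SAMPLE, parse_time("2024-05-01T10:05:00Z"))`: the alert is returned with its source and target addresses, and sensor01 is reported silent because its last heartbeat (10:00:00, interval 60 s) is more than three intervals old; at 10:02:30 the same document yields no silent analyzers. Removing the Classification element makes parse_idmef raise, since RFC 4765 requires exactly one per Alert.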