iodef data model status
play

IODEF Data Model Status (changes from 02 to 03) - PowerPoint PPT Presentation

Nov 06, 2023 •6 likes •146 views

IODEF Data Model Status (changes from 02 to 03) <draft-ietf-inch-iodef-03> tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw <rdd@cert.org> Thursday, November 11. 2004 IETF 61, Washington DC, USA Outline Changes from v02

  1. IODEF Data Model Status (changes from 02 to 03) <draft-ietf-inch-iodef-03> tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw <rdd@cert.org> Thursday, November 11. 2004 IETF 61, Washington DC, USA

  2. Outline Changes from v02 to v03 November 11. 2004 IETF 61 2

  3. Editorial Changes • Compressed the ASCII-art pictures for the classes • Made UML diagrams, text description, and the DTD consistent • Re-wrote introduction (Section 1) • Simplified XML section (Section 2.1) • Simplified the Processing considerations (Section 5) • Simplified the Security considerations (Section 9) • Reference IDMEF specification for <Impact> and <Confidence> • Dropped all legacy normative references • More polished text for many of the class descriptions November 11. 2004 IETF 61 3

  4. Simplify the Data Model (#472) https://rt.psg.com/Ticket/Display.html?id=472 • Removed legacy (IDMEF) classes – File system classes: <FileList>, <File>, <inode>, etc. – Layer 7 classes: <SNMPService>, <HTTPService> – User classes: <User>, <UserId> • Removed unused classes – <number> – <LifeImpact> • Removed redundant classes – Removed <History> from <EventData> (already in <Incident>) November 11. 2004 IETF 61 4

  5. Simplify the Data Model (#472) 2 https://rt.psg.com/Ticket/Display.html?id=472 • Simplify representations when possible – Merged <IncidentData> into <Incident> – Simplified <Address> to not use <address> and <netmask> - <!ELEMENT Address (address, netmask?)> + <!ELEMENT Address (#PCDATA)> – Simplified <Service> to no longer redundantly - <!ELEMENT Service (((name?, port), portlist, protocol?)> + <!ELEMENT Service ((port | portlist), Application?)> + <!ATTLIST Service + ip_version CDATA "4" + ip_protocol CDATA #REQUIRED > – Removed NTPSTAMP (ntpstamp attribute) representation from the Time classes – Removed @restriction attribute from <Impact>, <TimeImpact>, and <MonetaryImpact> November 11. 2004 IETF 61 5

  6. Clean-up Attributes • Default value of Address@category="ipv4-addr” not "unknown“ • Dropped Contact@role="actor" enumerated value referenced in the <Expectation> class November 11. 2004 IETF 61 6

  7. Add new data • Added "asn" to %attvals.addrcat in <Address> (Issue #359) • Added "investigate" to attvals.expectcat in <Expectation> • Introduced <Application> (and replace <Process> of <System>, added to <Service>) November 11. 2004 IETF 61 7

  8. Flow Notation and Summarization Support (#360) https://rt.psg.com/Ticket/Display.html?id=360 • Added <Flow> as child of <EventData> to encapsulate <System>s • Added <Counter> to <Node> and <Service> November 11. 2004 IETF 61 8

  9. 9 Open Issues Outline IETF 61 November 11. 2004

  10. #356: Standardize extensions https://rt.psg.com/Ticket/Display.html?id=356 • Add a mandatory top-level container class to all extensions to allow an easy determination of which one is used • PROPOSAL <!ELEMENT IODEF-Extention (ANY)> <!ATTLIST IODEF-Extention name CDATA #REQUIRED source CDATA #REQUIRED version CDATA #IMPLIED > • STATUS: – Will fix with Schema trickery? How? November 11. 2004 IETF 61 10

  11. #551: Formalizing <RecordData> https://rt.psg.com/Ticket/Display.html?id=551 • Add meta-information so that in-lined logs snippets and those reference externally can be processed • PROPOSALS – Add a way to specify filter patterns and offsets into text and binary log files • STATUS: further discussion needed November 11. 2004 IETF 61 11

  12. Other Issues • Rename and redesign Analyzer (drop <pid>, <path>, <Process>); make it more similar to <Application> • Should <Application> be added to <Method>? (i.e., how to represent attack tools? Is using the System/Service/Application sufficient?) • Decide whether <Contact>/<name> requires its own class since it is formatted as PERSON, but in other uses of <name> it is STRING. • Representing OS of <System> November 11. 2004 IETF 61 12

  13. TODO • To be written – IODEF Schema (done for v02, needs update for v03) – IANA Considerations – Examples and description of XML-Signature and XML-Encryption in Security Considerations • Define sane default values for all attributes • Specify format of the TIMEZONE data- type November 11. 2004 IETF 61 13

  14. Moving Forward • Release an 04 draft using Schema within a month Comments? November 11. 2004 IETF 61 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IODEF Data Model Status &lt;draft-ietf-inch-iodef-02&gt; Roman Danyliw &lt;rdd@cert.org&gt;

IODEF Data Model Status &lt;draft-ietf-inch-iodef-02&gt; Roman Danyliw &lt;rdd@cert.org&gt;

IODEF Data Model Status &lt;draft-ietf-inch-iodef-02&gt; Roman Danyliw &lt;rdd@cert.org&gt; 1300-1500, Thursday, March 4. 2004 IETF 59, Seoul, Korea XML Schema Migration http://www.uazone.org/demch/projects/iodef/ STATUS Release a

332 views • 12 slides
IODEF Data Model Status (progress from -04) &lt;draft-ietf-inch-iodef-05&gt; tracked @

IODEF Data Model Status (progress from -04) &lt;draft-ietf-inch-iodef-05&gt; tracked @

IODEF Data Model Status (progress from -04) &lt;draft-ietf-inch-iodef-05&gt; tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw &lt;rdd@cert.org&gt; Wednesday, November 9. 2005 IETF 64, Vancouver, Canada Status of Issues -05

632 views • 13 slides
IODEF Data Model Status (progress from 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @

IODEF Data Model Status (progress from 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @

IODEF Data Model Status (progress from 03) &lt;draft-ietf-inch-iodef-03&gt; tracked @ https://rt.psg.com : inch-dm queue Roman Danyliw &lt;rdd@cert.org&gt; Wednesday, March 9. 2005 IETF 62, Minneapolis, USA Progress on issues from v03

297 views • 16 slides
IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft

IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft

IODEF Extensions for Phishing and Other E-Crimeware Patrick Cain Latest Status New draft out. Missed deadline by a little; should show up in repository soon. draft-ietf-inch-phishingextns-02 One Technical change Many

452 views • 5 slides
IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This

IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This

IODEF Incident object description and exchange format Developed within Terenas TF-CSIRT This material is public :) Jan Meijer &lt;jan.meijer@surfnet.nl&gt; IODEF: what is it about? Problem statement: define a common data format for sharing

320 views • 9 slides
One Data Model SDF: A brief tutorial and status T2TRG summary meeting @ IETF 107+, April 14, 2020

One Data Model SDF: A brief tutorial and status T2TRG summary meeting @ IETF 107+, April 14, 2020

One Data Model SDF: A brief tutorial and status T2TRG summary meeting @ IETF 107+, April 14, 2020 Carsten Bormann 1 The need for One Data Model IoT standardization is dominated by ecosystem -specific SDOs Each ecosystem has their own

294 views • 14 slides
Model Status Update July 01, 2015 Agenda Purpose Model Development Update Model

Model Status Update July 01, 2015 Agenda Purpose Model Development Update Model

Model Status Update July 01, 2015 Agenda Purpose Model Development Update Model Calibration Status Next Steps Schedule Public Input Purpose Inform stakeholders on status of model development Provide more detailed

325 views • 30 slides
STATUS OF DATA STATUS OF DATA GENERATI ON I N KENYA GENERATI ON I N KENYA ON MI NOR USES ON MI

STATUS OF DATA STATUS OF DATA GENERATI ON I N KENYA GENERATI ON I N KENYA ON MI NOR USES ON MI

STATUS OF DATA STATUS OF DATA GENERATI ON I N KENYA GENERATI ON I N KENYA ON MI NOR USES ON MI NOR USES GLOBAL MINOR USE SUMMIT, 3-7 DECEMBER 2007 ROME ITALY Lucy M. Namu, Chief Analytical Chemist Kenya Plant Health Inspectorate Service

450 views • 26 slides
Model Status Update February 03, 2016 Agenda Land Surface Elevation Updates Baseflows

Model Status Update February 03, 2016 Agenda Land Surface Elevation Updates Baseflows

Model Status Update February 03, 2016 Agenda Land Surface Elevation Updates Baseflows Latest Model Results Model Calibration Status Water Supply Plan Model Scenarios Next Steps Public Input Progress-to-Date Model

388 views • 26 slides
Implementing the IODEF at the CERT/CC Roman Danyliw &lt;rdd@cert.org&gt; INCH IETF 55

Implementing the IODEF at the CERT/CC Roman Danyliw &lt;rdd@cert.org&gt; INCH IETF 55

Implementing the IODEF at the CERT/CC Roman Danyliw &lt;rdd@cert.org&gt; INCH IETF 55 Incident Reporting Forms CERT Coordination Center (CERT/CC) Federal Computer Incident Response Capability (FedCIRC) National

437 views • 9 slides
January 25, 2016 Overview Status of NFSEG Steady-State Model Calibration NFSEG Model

January 25, 2016 Overview Status of NFSEG Steady-State Model Calibration NFSEG Model

Fatih Gordu, PE (SJRWMD) Trey Grubbs (SRWMD) Douglas Durden, PE (SJRWMD) Ron Basso, PG (SWFWMD) January 25, 2016 Overview Status of NFSEG Steady-State Model Calibration NFSEG Model Simulations NFSEG Transient Model Development Status

585 views • 15 slides
Model Status Update February 10, 2016 Agenda Major Reasons for Delay Latest Model Results

Model Status Update February 10, 2016 Agenda Major Reasons for Delay Latest Model Results

Model Status Update February 10, 2016 Agenda Major Reasons for Delay Latest Model Results Model Calibration Status Water Supply Plan Model Scenarios Next Steps Public Input Major Reasons for Delay Land Surface

439 views • 9 slides
DHPT 1.2 Status DEPFET-TB Sep 27. 2016 Status DHPT 1.2 has a major bug: On the 20 bit data

DHPT 1.2 Status DEPFET-TB Sep 27. 2016 Status DHPT 1.2 has a major bug: On the 20 bit data

DHPT 1.2 Status DEPFET-TB Sep 27. 2016 Status DHPT 1.2 has a major bug: On the 20 bit data bus connecting the core to the serializer bits D[0], D[18], and D[19] are shorted to ground. The data link puts out invalid symbols rendering

427 views • 11 slides
RID Draft Update Migrating to IODEF Kathleen M. Moriarty IETF INCH Working Group 04 March 2004

RID Draft Update Migrating to IODEF Kathleen M. Moriarty IETF INCH Working Group 04 March 2004

RID Draft Update Migrating to IODEF Kathleen M. Moriarty IETF INCH Working Group 04 March 2004 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. &quot;Opinions, interpretations, conclusions, and

365 views • 8 slides
Relational Model of Data Thomas Schwarz, SJ Data Model Notation for describing data 1.

Relational Model of Data Thomas Schwarz, SJ Data Model Notation for describing data 1.

Relational Model of Data Thomas Schwarz, SJ Data Model Notation for describing data 1. Structure of the Data Conceptual level, not binary 2.Operations on Data Limits on operations are useful! 3.Constraints on Data Data Model In

1.27k views • 81 slides
Status of LIGO Data Analysis Status of LIGO Data Analysis Gabriela Gonzlez Department of

Status of LIGO Data Analysis Status of LIGO Data Analysis Gabriela Gonzlez Department of

Status of LIGO Data Analysis Status of LIGO Data Analysis Gabriela Gonzlez Department of Physics and Astronomy Louisiana State University for the LIGO Scientific Collaboration Dec 17, 2003 GWDAW -8 meeting LIGO schedule LIGO schedule Goal

339 views • 14 slides
Object Oriented Programming in Action Object Oriented Analysis and Design Find and define

Object Oriented Programming in Action Object Oriented Analysis and Design Find and define

Object Oriented Programming in Action Object Oriented Analysis and Design Find and define the objects Organize the objects Describe how the objects interact with one another Define the external behavior of the objects Define

487 views • 23 slides
Towards Implementing Semantic Literature-Based Discovery with a Graph Database E-mail:

Towards Implementing Semantic Literature-Based Discovery with a Graph Database E-mail:

Towards Implementing Semantic Literature-Based Discovery with a Graph Database E-mail: dimitar.hristovski@gmail.com E-mail: dimitar.hristovski@gmail.com Dimitar Hristovski 1 , Andrej Kastrin 2 , Dejan Dinevski 3 , Thomas C. Rindesch 4 1 Faculty

433 views • 21 slides
Discord Bot CHRIS L Discord What is it? Why does it need bots? Existing bots Why

Discord Bot CHRIS L Discord What is it? Why does it need bots? Existing bots Why

Discord Bot CHRIS L Discord What is it? Why does it need bots? Existing bots Why does it need more bots? Wanted Features Convenience Information Grabbing Administration Technologies used Node.js Discord JS

338 views • 12 slides
Chapter 6 : Computer Science Class XI ( As per CBSE Board) Python Fundamentals New Syllabus

Chapter 6 : Computer Science Class XI ( As per CBSE Board) Python Fundamentals New Syllabus

Chapter 6 : Computer Science Class XI ( As per CBSE Board) Python Fundamentals New Syllabus 2019-20 Visit : python.mykvs.in for regular updates Introduction Python 3.0 was released in 2008. Although this version is supposed to be

481 views • 23 slides
5. CVS Commit/merge (+log messages). Differences between versions. Code traceability

5. CVS Commit/merge (+log messages). Differences between versions. Code traceability

Page 1 L IGHTWEIGHT T OOLS FOR S UCCESSFUL P ROJECTS The Open Source Way author: Bertrand Delacrtaz, www.codeconsult.ch event: Cocoon GetTogether 2003, www.orixo.com/events/gt2003/ date: October 7th, 2003 How can we apply the tools used by the

328 views • 11 slides
GAMES A game designed for a purpose other than pure entertainment Applying game mechanics to

GAMES A game designed for a purpose other than pure entertainment Applying game mechanics to

SERIOUS GAMES A game designed for a purpose other than pure entertainment Applying game mechanics to learning, training, working, communicating, using in the fields of defense, education, health care, engineering, politics Why

701 views • 50 slides
Context Matching for Ambient Intelligence Applications Andrei Olaru University

Context Matching for Ambient Intelligence Applications Andrei Olaru University

Context Matching for Ambient Intelligence Applications Andrei Olaru University Politehnica of Bucharest 26.09.2013 0 / 19 Computer . Andrei Olaru Science . SYNASC 2013 &amp; Engineering . Timisoara,

607 views • 34 slides
CMCC Use Case Presentation Edoardo Bucchignani, Paola Mercogliano and ISC team Euromediterranean

CMCC Use Case Presentation Edoardo Bucchignani, Paola Mercogliano and ISC team Euromediterranean

13/03/2013 CMCC Use Case Presentation Edoardo Bucchignani, Paola Mercogliano and ISC team Euromediterranean Center on Climate Change Impact on Soil and Coasts Division Use Case defined in JRA5 Evaluation of the effects of climate changes on

207 views • 10 slides

More recommend