Thursday, September 22, 2016 • 3:45pm - 4:00pm
IDMEF, the Universal Format for Security Alerts


The constant growth of cybercrime requires that nations organize to unite their defense and protection. In the area of cyber-detection, federation requires standardization in two fields:
- Communications between the various tools and security solutions, in order to consolidate and correlate information simply; we will call this communication "intra" Security Center.
- Communications between the teams of different Security Centers (CSIRTs) to share information on incidents; we will call this communication "inter" Security Center.

The two recognized IETF standards in this field are:
- IDMEF (Intrusion Detection Message Exchange Format) – RFC 4765
- IODEF (Incident Object Description Exchange Format) – RFC 5070

These two standards are still relatively new and insufficiently deployed in a market still dominated by proprietary formats.

Prelude is a SIEM (Security Information & Event Management) system: a security monitoring tool that makes full use of IDMEF. Prelude collects and centralizes the company's security information to provide a central point of control. Through log analysis and correlation, Prelude alerts in real time to intrusion attempts and threats on the network. Prelude offers several investigation and reporting tools on your big data to identify the weak signals that may foreshadow advanced persistent threats (APT). Finally, Prelude has all the tools needed to simplify operators' work and risk management.

Subjects of the talk:
- Presentation of Prelude
- The IDMEF format
- How to make an IDMEF sensor in 5 minutes

Thomas Andrejak

Technical Manager of Prelude, Communication & Systems
Thomas Andrejak is the product technical manager of Prelude, the SIEM solution made by CS (Communication & Systems). CS is very involved in the domain of cybersecurity, with more than 80 security experts. Thomas Andrejak is an expert in security monitoring. He puts his experience...

Paris Mozilla Space