https://idea.cesnet.cz/ 2026-04-15T11:37:31+00:00 https://idea.cesnet.cz/ https://idea.cesnet.cz/_media/logo.png text/html 2016-01-20T14:11:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/classifications?rev=1453299089&do=diff Classifications and enumerations EventTag: Security event types classification Classification of events for IDEA in the "Category" key is based on abbreviation of slightly extended "mkII" taxonomy (by Don Stikvoort from SURFcert, itself based on eCSIRT.net taxonomy, and formerly Jimmi Arvidsson's taxonomy from Telia CERTCC). For comparison with other taxonomies see text/html 2015-09-25T06:36:34+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/definition?rev=1443162994&do=diff IDEA0 format definition Keys use CamelCase, however to avoid confusion, they must be case insensitively unique within their parent object. When parsing, keys "ID", "id", "iD" and "Id" must be considered as equivalent. Each definition line is in form KEY: TYPE, followed by an explanation line, where type can be basic JSON type (in text/html 2015-04-02T16:12:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/design?rev=1427991142&do=diff Design decisions Terminology Descriptive data formats, and especially security event formats, are based on key:value models, where key can be simple token (in simple variants) or path in directory tree. Hereby we use terms key, attribute and field interchangeably. text/html 2015-03-19T15:49:36+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/examples?rev=1426780176&do=diff Examples Scanning { "Format": "IDEA0", "ID": "3ad275e3-559a-45c0-8299-6807148ce157", "DetectTime": "2014-03-22T10:12:56Z", "Category": ["Recon.Scanning"], "ConnCount": 633, "Description": "Ping scan", "Source": [ { "IP4": ["93.184.216.119"], "Proto": ["icmp"] } ], "Target": [ { "Proto": ["icmp"], "IP4": ["93.184.216.0/24"], "Anonymised": true } ] } text/html 2025-04-10T10:57:21+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/footer?rev=1744282641&do=diff <https://www.cesnet.cz> Quick access ---------- * Network * Computing * Data storage * Security * Multimedia * Identity Contacts ---------- CESNET, z. s. p. o. Generála Píky 26 160 00 Praha 6 Contact us Admin login Service desk ---------- Tel: +420 234 680 222 GSM: +420 602 252 531 <support@cesnet.cz> General Data Protection Regulation text/html 2021-05-14T11:48:47+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/footer1?rev=1620992927&do=diff Links * e-INFRA CZ * CESNET * Personal Data Protection text/html 2023-05-30T12:46:37+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/footer2?rev=1685450797&do=diff Contact CESNET, z. s. p. o. Generála Píky 26 16000 Prague 6 Tel: +420 234 680 222 Fax: +420 224 320 269 <info@cesnet.cz> text/html 2017-07-24T08:53:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/footer3?rev=1500886387&do=diff HelpDesk Tel: +420 234 680 222 GSM: +420 602 252 531 Fax: +420 224 313 211 <support@cesnet.cz> text/html 2026-04-10T13:16:01+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/index?rev=1775826961&do=diff Intrusion Detection Extensible Alert IDEA stands for Intrusion Detection Extensible Alert. Even though there exists a variety of models for communication between honeypots, agents, detection probes, none of them is really used because of various limitations for general usage. The IDEA is an attempt to define nowadays requirements and propose foundations for viable solution for security event model, taking into consideration existing formats, their benefits and drawbacks. text/html 2016-01-05T12:57:33+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/navigationmenu?rev=1451998653&do=diff * IDEA * Requirements * Other formats * Design * Definition * Classifications * Schema * Examples text/html 2014-12-02T10:19:40+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/other_formats?rev=1417515580&do=diff Other formats This page describes our review of existing formats and tries to explain, why we are not using one of them. It works as summarization of benefits and drawbacks of each of them, together with our subjective remarks. IDMEF Intrusion Detection Message Exchange Format is format created exactly for exchange of information about security events between detection probes. text/html 2014-12-02T10:16:22+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/requirements?rev=1417515382&do=diff Requirements Our requirements are based mostly on our experience with other formats and are formulated to describe our needs. Your mileage may vary, however our springboard assumptions may explain further choices in design. * We need to gather and exchange communication between automated detection systems and information aggregators of various types. This type of data manifests wide variability, so representation should be extensible enough to be prepared for unexpected or new types of secur… text/html 2024-02-23T15:52:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/schema?rev=1708703534&do=diff JSON Schema Strict validating schema In line with Jon Postel's robustness principle: * Producers must make sure that all created messages conform to this schema. * Consumers may decide to apply more relaxed checks, however only in cases where IDEA events are not relayed further (and consumer effectively becomes producer). text/html 2024-10-15T11:54:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://idea.cesnet.cz/en/sidebar?rev=1728993240&do=diff