IDMEF and IODEF
IDMEFv1
IDMEF-Message
Alert
Analyzer
Assessment
Classification
File
FileAccess
Heartbeat
Linkage
Node
Service
Source
Target
User
IDMEFv2
IDMEF-Message
Alert
Analyzer
Assessment
Classification
File
FileAccess
Heartbeat
Linkage
Node
Service
Source
Target
Transaction
User
IODEFv1
IODEF-Document
AlternativeID
Assessment
Contact
EventData
Expectation
Flow
History
HistoryItem
Incident
Method
Node
Record
RecordData
RelatedActivity
Service
System
IODEFv2
IODEF-Document
AlternativeID
AlternativeIndicatorID
Assessment
BulkObservable
BulkObservableFormat
CertificateData
Contact
Discovery
DomainContacts
DomainData
EmailData
EventData
Expectation
File
FileData
Flow
HashData
History
HistoryItem
Incident
Indicator
IndicatorData
IndicatorExpression
Method
Nameservers
Node
Observable
Record
RecordData
RelatedActivity
Service
System
WindowsRegistryKeysModified
RFC
IDMEFv1 (4765)
IDMEFv2 (no official RFC)
IODEFv1 (5070)
IODEFv2 (7970)
IDMEF
v1
v2
IODEF
v1
v2
IDMEFv1
Action
AdditionalData
Address
Alert
Analyzer
AnalyzerTime
Assessment
Checksum
Classification
Confidence
CorrelationAlert
CreateTime
DetectTime
File
FileAccess
Heartbeat
IDMEF-Message
Impact
Inode
Linkage
Node
OverflowAlert
Process
Reference
SNMPService
Service
Source
Target
ToolAlert
User
UserId
WebService
IDMEFv2
Action
AdditionalData
Address
Alert
Analyzer
AnalyzerTime
Assessment
Checksum
Classification
Confidence
CorrelationAlert
CreateTime
DetectTime
File
FileAccess
Heartbeat
IDMEF-Message
Impact
Inode
Linkage
Node
OverflowAlert
Process
Reference
SNMPService
Service
Source
Stream
Target
ToolAlert
Transaction
User
UserId
WebService
IODEFv1
AdditionalData
Address
AlternativeID
Application
Assessment
Confidence
Contact
Counter
Email
EventData
Expectation
Flow
History
HistoryItem
IODEF-Document
Impact
Incident
IncidentID
Method
MonetaryImpact
Node
NodeRole
OperatingSystem
PostalAddress
Record
RecordData
RecordItem
RecordPattern
Reference
RegistryHandle
RelatedActivity
Service
System
TimeImpact
IODEFv2
Address
AlternativeID
AlternativeIndicatorID
ApplicationHeader
Assessment
AttackPhase
BulkObservable
BulkObservableFormat
BusinessImpact
Campaign
Certificate
CertificateData
Confidence
Contact
Counter
DetectionPattern
Discovery
DomainContacts
DomainData
Email
EmailData
EventData
Expectation
File
FileData
Flow
FuzzyHash
Hash
HashData
History
HistoryItem
IODEF-Document
Incident
IncidentID
Indicator
IndicatorData
IndicatorExpression
IndicatorID
IndicatorReference
Key
Method
MonetaryImpact
Nameservers
Node
NodeRole
Observable
ObservableReference
PostalAddress
Record
RecordData
RecordPattern
Reference
RegistryHandle
RelatedActivity
Service
ServiceName
SignatureData
System
SystemImpact
Telephone
ThreatActor
TimeImpact
WindowsRegistryKeysModified