Dear all,

As part of the testing of the IETF draft IDMEFv2 (Incident Detection Message Exchange Format) standard, a universal security format to exchange alerts between any security tools (cyber and physical) and managers (SIEMs), we have developed an IDMEFv2 connector for ClamAV. The challenge is to define a single format for any kind of incident: cyber-security, physical security, performance issues and even natural hazards.

Currently, this connector supports the following tools:
- ClamAV: anti-virus
- Suricata: NIDS
- Wazuh: HIDS
- Zabbix: performance monitoring
- ZoneMinder: CCTV / motion detection

It is available on the IDMEFv2 GitHub repository (https://github.com/IDMEFv2/idmefv2-connectors).

This connector allows you to connect ClamAV to Concerto SIEM (a fork of Prelude OSS), the first IDMEFv2-compatible SIEM (https://github.com/IDMEFv2/Concerto-SIEM).

Please feel free to download and test it and report any issues or remarks/comments on GitHub. We are very interested in ClamAV users' feedback to tune our connector, but also the IDMEFv2 format.

For more information, visit the IDMEFv2 website: https://www.idmefv2.org and subscribe to the IDMEFv2 mailing list: https://www.freelists.org/list/idmefv2

The development of this connector was carried out within the framework of the European research project Safe4Soc (Standard Alert Format Exchange for SOCs) (https://safe4soc.eu). The project SAFE4SOC, funded under Grant Agreement No. 101145846, is supported by the European Cybersecurity Competence Centre (ECCC).

Best regards,
François Déchelle
Teclib

_______________________________________________
clamav-devel mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
