Hello everyone,
As part of the testing of the IETF draft IDMEFv2 (Incident Detection Message Exchange Format) standard, a universal security format to exchange alerts between any security tools (Cyber and Physical) and managers (SIEMs), we have developed an IDMEFv2 connector for Zabbix. The challenge is to define a single format for any kind of incident: cyber-security, physical security, performance issues and even natural hazards.
Currently, this connector supports the following tools:
- Clamav: Anti-virus
- Suricata: NIDS
- Wazuh: HIDS
- Zabbix: Performance monitoring
- ZoneMinder: CCTV – Motion detection
It is available on the IDMEFv2 GitHub repository (https://github.com/IDMEFv2/idmefv2-connectors)
This connector allows you to connect Zabbix to Concerto SIEM (a fork of Prelude OSS), the first IDMEFv2-compatible SIEM (https://github.com/IDMEFv2/Concerto-SIEM).
Please feel free to download and test it and report any issues or remarks/comments on GitHub. We are very interested in Zabbix users' feedback to tune our connector, but also the IDMEFv2 format.
For more information, visit the IDMEFv2 website: https://www.idmefv2.org and subscribe to the IDMEFv2 mailing list: https://www.freelists.org/list/idmefv2
The development of this connector was carried out within the framework of the European research project Safe4Soc (Standard Alert Format Exchange for SOCs) (https://safe4soc.eu). The project SAFE4SOC, funded under Grant Agreement No. 101145846, is supported by the European Cybersecurity Competence Centre (ECCC).