RE: SDEE vs IDMEF ?

["Kohlenberg, Toby" <toby.kohlenberg () intel com>]

probably because IDMEF has been so slow in developing, it is
XML and as such massively slow to generate and because they 
could sit down the three of them and agree upon something and
get it implemented quickly. As I recall, they are not keeping
their format to themselves so anyone can use it and, at least
for Snort, if people prefer IDMEF, you can still use it.

I'm not sure why everyone is suprised by this. Vendors have been
doing this sort of thing for as long as I can remember.

t 

> -----Original Message-----
> From: Sebastien Tricaud [mailto:toady () gscore org] 
> Sent: Wednesday, March 10, 2004 11:26 PM
> To: focus-ids () securityfocus com
> Subject: SDEE vs IDMEF ?
>
> Hi everybody,
>
> According to this press release:
> http://www.trusecure.com/company/press/pr_20040223.shtml
>
> SDEE is a Network Intrusion Detection System Alert Format.
>
> However, there's already IDMEF (Intrusion Detection Message Exchange
> Format) for that purpose. You can find the latest IDMEF draft there:
> http://www1.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-11.txt
>
> IDMEF will become standardized shortly, I wonder why Cisco, ISS and
> Sourcefire joined their forces to do something similar. Any idea ?
>
>
> Thanks,
>
> Sebastien.

---------------------------------------------------------------------------
Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit:
www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------