IDS mailing list archives
RE: SDEE vs IDMEF ?
From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Fri, 12 Mar 2004 13:41:25 -0800
Probably because IDMEF has been so slow in developing, it is XML and as such massively slow to generate, and because they could sit down the three of them and agree upon something and get it implemented quickly. As I recall, they are not keeping their format to themselves, so anyone can use it and, at least for Snort, if people prefer IDMEF, you can still use it.
I'm not sure why everyone is surprised by this. Vendors have been doing this sort of thing for as long as I can remember.
t
-----Original Message-----
From: Sebastien Tricaud [mailto:toady () gscore org]
Sent: Wednesday, March 10, 2004 11:26 PM
To: focus-ids () securityfocus com
Subject: SDEE vs IDMEF ?
Hi everybody,
According to this press release: http://www.trusecure.com/company/press/pr_20040223.shtml
SDEE is a Network Intrusion Detection System Alert Format. However, there's already IDMEF (Intrusion Detection Message Exchange Format) for that purpose. You can find the latest IDMEF draft there: http://www1.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-11.txt
IDMEF will become standardized shortly; I wonder why Cisco, ISS and Sourcefire joined their forces to do something similar.
Any idea?
Thanks,
Sebastien.
Current thread:
- SDEE vs IDMEF ? Sebastien Tricaud (Mar 12)
- RE: SDEE vs IDMEF ? Rob Shein (Mar 15)
- RE: SDEE vs IDMEF ? Yoann Vandoorselaere (Mar 15)
- <Possible follow-ups>
- RE: SDEE vs IDMEF ? Kohlenberg, Toby (Mar 15)
- RE: SDEE vs IDMEF ? Yoann Vandoorselaere (Mar 15)
- RE: SDEE vs IDMEF ? Rob Shein (Mar 15)