IDS mailing list archives
Re: new intrusion detection system
From: Herve Debar <herve.debar () francetelecom com>
Date: Thu, 21 Oct 2004 18:19:30 +0200
Charles,

Kendzierski, Charles V. wrote:
> You bring up a good point in regards to common reporting output format for IDSs. In the late 90s, the IETF embarked upon the development of a Common Intrusion Detection Framework (CIDF). Standardizing of events, alarms, and reporting was one such goal. Unfortunately, for whatever reason, the group's efforts at a CIDF ceased momentum in early 2000. I have been unable to find any updates on the IETF's efforts in this regard. A CIDF can and should be supported for each IDS (NIDS, HIDS, and to a larger extent firewalls and layer three devices) but understand an agreement on a CIDF is primal to this capability being provided.

The IETF effort is the IDMEF/IDXP work. It is still alive :-)

Hervé

--
Hervé Debar <mailto:herve.debar () francetelecom com>
Tel: +33 (0)2 31 75 92 61
GSM: +33 (0)6 74 09 09 66
France Télécom R&D
Fax: +33 (0)2 31 75 93 13
42 rue des Coutures (--) BP 6243 (--) F-14066 Caen Cedex 4