IDS mailing list archives

Re: new intrusion detection system


From: Herve Debar <herve.debar () francetelecom com>
Date: Thu, 21 Oct 2004 18:19:30 +0200

Charles,

Kendzierski, Charles V. wrote:
    You bring up a good point in regards to common reporting output format
for IDSs. In the late 90s, the IETF embarked upon the development of a
Common Intrusion Detection Framework (CIDF). Standardizing of events,
alarms, and reporting was one such goal. Unfortunately, for whatever reason,
the group's efforts at a CIDF ceased momentum in early 2000. I have been
unable to find any updates on the IETF's efforts in this regard. A CIDF can
and should be supported for each IDS (NIDS, HIDS, and to a larger extent
firewalls and layer three devices) but understand an agreement on a CIDF is
primal to this capability being provided.

The IETF effort is the IDMEF/IDXP work. It is still alive :-)

Hervé
--
Hervé Debar             <mailto:herve.debar () francetelecom com>
Tel: +33 (0)2 31 75 92 61            GSM: +33 (0)6 74 09 09 66
France Télécom R&D                   Fax: +33 (0)2 31 75 93 13
42 rue des Coutures  (--)  BP 6243  (--)  F-14066 Caen Cedex 4

