Firewall Wizards mailing list archives
IETF working group on Intrusion Detection Exchange Format
From: Vern Paxson <vern () ee lbl gov>
Date: Mon, 23 Nov 1998 10:02:19 PST
Per the discussion on the list a few weeks ago.

Vern

------- Forwarded Message

Date: Mon, 23 Nov 1998 09:53:46 -0500
From: The IESG <iesg-secretary () ietf org>
Subject: WG ACTION: Intrusion Detection Exchange Format (idwg)
To: IETF-Announce: ;
Sender: scoya () ns cnri reston va us

A new working group has been formed in the Security Area of the IETF. Please contact the chairs for additional information.

Intrusion Detection Exchange Format (idwg)
- ------------------------------------------

Current Status: Active Working Group

Chair(s):
  Michael Erlinger <mike () cs hmc edu>
  Stuart Staniford-Chen <stanifor () cs ucdavis edu>

Security Area Director(s):
  Jeffrey Schiller <jis () mit edu>
  Marcus Leech <mleech () nortel ca>

Security Area Advisor:
  Jeffrey Schiller <jis () mit edu>

Mailing Lists:
  General Discussion: idwg-public () zurich ibm com
  To Subscribe: idwg-public-request () zurich ibm com
  Archive: http://www.semper.org/idwg-public/

Description of Working Group:

Security incidents are becoming more common and more serious, and intrusion detection systems are becoming of increasing commercial importance. Numerous intrusion detection systems are important in the market and different sites will select different vendors. Since incidents are often distributed over multiple sites, it is likely that different aspects of a single incident will be visible to different systems. Thus it would be advantageous for diverse intrusion detection systems to be able to share data on attacks in progress.

The purpose of the Intrusion Detection Working Group is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them. The Intrusion Detection Working Group will coordinate its efforts with other IETF Working Groups.

The outputs of this working group will be:

1. A requirements document, which describes the high-level functional requirements for communication between intrusion detection systems and requirements for communication between intrusion detection systems and with management systems, including the rationale for those requirements. Scenarios will be used to illustrate the requirements.

2. A common intrusion language specification, which describes data formats that satisfy the requirements.

3. A framework document, which identifies existing protocols best used for communication between intrusion detection systems, and describes how the devised data formats relate to them.

Goals and Milestones:

  Apr 99  Submit Requirements document as an Internet-Draft
  Aug 99  Submit Framework and Language documents as Internet-Drafts
  Aug 99  Submit Requirements document to IESG for consideration as an RFC.
  Dec 99  Submit Framework and Language documents to IESG for consideration as RFCs.

------- End of Forwarded Message