IDS mailing list archives
RE: SDEE vs IDMEF ?
From: Yoann Vandoorselaere <yoann () prelude-ids org>
Date: Tue, 16 Mar 2004 02:03:21 +0000
On Fri, 2004-03-12 at 13:41 -0800, Kohlenberg, Toby wrote:
probably because IDMEF has been so slow in developing, it is XML and as such massively slow to generate and because they could sit down the three of them and agree upon something and get it implemented quickly.
If only SDEE was not XML (+ HTTP + SOAP)... Maybe you claim could be valid... However, it is.
As I recall, they are not keeping their format to themselves so anyone can use it and, at least for Snort, if people prefer IDMEF, you can still use it.
As I recall, you have to pay a big amount of buck if you want your voice to be taken into account for developing SDEE. Hardly open heh ? -- Yoann Vandoorselaere <yoann () prelude-ids org> --------------------------------------------------------------------------- Test your IDS Is your IDS deployed correctly? Find out by easily testing it with real-world attacks from CORE IMPACT. Visit: www.coresecurity.com/promos/sf_eids1 to learn more. ---------------------------------------------------------------------------
Current thread:
- SDEE vs IDMEF ? Sebastien Tricaud (Mar 12)
- RE: SDEE vs IDMEF ? Rob Shein (Mar 15)
- RE: SDEE vs IDMEF ? Yoann Vandoorselaere (Mar 15)
- <Possible follow-ups>
- RE: SDEE vs IDMEF ? Kohlenberg, Toby (Mar 15)
- RE: SDEE vs IDMEF ? Yoann Vandoorselaere (Mar 15)
- RE: SDEE vs IDMEF ? Rob Shein (Mar 15)