IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: SDEE vs IDMEF ?

From: Yoann Vandoorselaere <yoann () prelude-ids org>
Date: Tue, 16 Mar 2004 02:03:21 +0000
On Fri, 2004-03-12 at 13:41 -0800, Kohlenberg, Toby wrote:


probably because IDMEF has been so slow in developing, it is
XML and as such massively slow to generate and because they 
could sit down the three of them and agree upon something and
get it implemented quickly. 


If only SDEE was not XML (+ HTTP + SOAP)...
Maybe you claim could be valid... However, it is.


As I recall, they are not keeping
their format to themselves so anyone can use it and, at least
for Snort, if people prefer IDMEF, you can still use it.


As I recall, you have to pay a big amount of buck if you want your voice
to be taken into account for developing SDEE.  Hardly open heh ?

-- 
Yoann Vandoorselaere <yoann () prelude-ids org>


---------------------------------------------------------------------------
Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit: 
www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: