IDS mailing list archives

RE: SDEE vs IDMEF ?


From: Yoann Vandoorselaere <yoann () prelude-ids org>
Date: Tue, 16 Mar 2004 02:13:01 +0000

On Fri, 2004-03-12 at 15:34 -0500, Rob Shein wrote:

> The consortium behind SDEE dates back to 1998, according to the press
> release:
> "ICSA Labs formed the IDSC consortium in 1998 to provide product developers
> an open forum within which they could work towards common goals."
> So my guess is that they started before IDMEF began (if one of the first
> things they did was start working towards what is now called SDEE), or they
> got tired of waiting for IDMEF and decided to take care of it themselves.

Take some time to gather the SDEE draft and notice how it lacks any
description of a format for describing alerts, which is what IDMEF is all
about.

There you see that SDEE is seriously lagging behind IDMEF, and doesn't
come with any valid reason for trying to reimplement it. 

The only thing SDEE currently defines is the messaging system.

-- 
Yoann Vandoorselaere <yoann () prelude-ids org>

