IDS mailing list archives
RE: SDEE vs IDMEF ?
From: Yoann Vandoorselaere <yoann () prelude-ids org>
Date: Tue, 16 Mar 2004 02:13:01 +0000
On Fri, 2004-03-12 at 15:34 -0500, Rob Shein wrote:
The consortium behind SDEE dates back to 1998, according to the press release: "ICSA Labs formed the IDSC consortium in 1998 to provide product developers an open forum within which they could work towards common goals." So my guess is that they started before IDMEF began (if one of the first things they did was start working towards what is now called SDEE), or they got tired of waiting for IDMEF and decided to take care of it themselves.
Take some time to gather the SDEE draft and notice how it lacks any description of a format for describing alerts, which is what IDMEF is all about. There you see that SDEE is seriously lagging behind IDMEF, and doesn't come with any valid reason for trying to reimplement it. The only thing SDEE currently defines is the messaging system.
--
Yoann Vandoorselaere <yoann () prelude-ids org>