RE: IDS Correlation

From: Matthew F. Caldwell (mattc@guarded.net)
Date: 03/28/02


Date: Wed, 27 Mar 2002 21:07:32 -0500
From: "Matthew F. Caldwell" <mattc@guarded.net>
To: "Jared A. Tucker" <jared.tucker@terradon.com>, <eddonega@WellsFargo.COM>, "Keith T. Morgan" <keith.morgan@terradon.com>

XML is great but bloated. I think the IDWG (IDMEF, IAP, etc.) DTD could be expanded to cover not just IDS events; however, it needs compression. All those tags multiply the data transmitted, and in high-traffic environments this matters greatly.

        -----Original Message-----
        From: Jared A. Tucker [mailto:jared.tucker@terradon.com]
        Sent: Wed 3/27/2002 8:52 PM
        To: eddonega@WellsFargo.COM; Keith T. Morgan; Matthew F. Caldwell
        Cc: xwu@anr.mcnc.org; focus-ids@securityfocus.com
        Subject: RE: IDS Correlation
        
        

        For that matter:
        
        http://www.ietf.org/html.charters/idwg-charter.html
        
        
        
                -----Original Message-----
                From: eddonega@WellsFargo.COM [mailto:eddonega@WellsFargo.COM]
                Sent: Wed 3/27/2002 5:27 PM
                To: Keith T. Morgan; mattc@guarded.net
                Cc: xwu@anr.mcnc.org; focus-ids@securityfocus.com; Jared A. Tucker
                Subject: RE: IDS Correlation
               
               
        
                You might want to check this out ...
        
                http://www.infosecuritymag.com/articles/june01/columns_standards_watch.shtml
                -----------------------------------------
                Ed Donegan
                Network Intrusion Detection
                Team Lead/CIPD
                Security Product Services
                (415) 243-6459
                eddonega@wellsfargo.com <mailto:eddonega@wellsfargo.com>
                 
                "I could never have invented the Internet without Ed's help." - Al Gore
        
                -----Original Message-----
                From: Keith T. Morgan [mailto:keith.morgan@terradon.com]
                Sent: Wednesday, March 27, 2002 12:40 PM
                To: Keith T. Morgan; Matthew F. Caldwell
                Cc: Xiaoyong Wu; focus-ids@securityfocus.com; Jared A. Tucker
                Subject: RE: IDS Correlation
        
        
        
               
                 I've spoken with another security / software engineer here at
                 TCG who is willing to help out. We're likely to stir quite
                 the hornet's nest among IDS/Firewall vendors if this goes
                 very far. I'm all about the stirring. Count me in.
                 
> > > Has anyone submitted an RFC? If this has been done, someone point
> > > me to the appropriate RFC number, because I have some serious reading to
> > > do.
> > >
> >
> > None?
> >
> > Let's work on it.
> >
>