SDEE vs IDMEF ?

From: Sebastien Tricaud (toady_at_gscore.org)
Date: 03/11/04

    To: focus-ids@securityfocus.com
    Date: Wed, 10 Mar 2004 23:25:31 -0800
    
    
    

    Hi everybody,

    According to this press release:
    http://www.trusecure.com/company/press/pr_20040223.shtml

    SDEE is a Network Intrusion Detection System Alert Format.

    However, there's already IDMEF (Intrusion Detection Message Exchange
    Format) for that purpose. You can find the latest IDMEF draft there:
    http://www1.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-11.txt

    IDMEF will become standardized shortly; I wonder why Cisco, ISS and
    Sourcefire joined forces to do something similar. Any idea?

    Thanks,

    Sebastien.

    
    


