SDEE vs IDMEF ?

From: Sebastien Tricaud (toady_at_gscore.org)
Date: 03/11/04

Next message: Chris Caydes: "symbiot security - april fool's prank ?"

Previous message: John Bedrick: "Re: Entercept HIDS Question"
Next in thread: Kohlenberg, Toby: "RE: SDEE vs IDMEF ?"
Maybe reply: Kohlenberg, Toby: "RE: SDEE vs IDMEF ?"
Reply: Rob Shein: "RE: SDEE vs IDMEF ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-ids@securityfocus.com
Date: Wed, 10 Mar 2004 23:25:31 -0800

Hi everybody,

SDEE is a Network Intrusion Detection System Alert Format.

However, there's already IDMEF (Intrusion Detection Message Exchange
Format) for that purpose. You can find the latest IDMEF draft there:
http://www1.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-11.txt

IDMEF will become standardized shortly, I wonder why Cisco, ISS and
Sourcefire joined their forces to do something similar. Any idea ?

Thanks,

Sebastien.

Next message: Chris Caydes: "symbiot security - april fool's prank ?"

Previous message: John Bedrick: "Re: Entercept HIDS Question"
Next in thread: Kohlenberg, Toby: "RE: SDEE vs IDMEF ?"
Maybe reply: Kohlenberg, Toby: "RE: SDEE vs IDMEF ?"
Reply: Rob Shein: "RE: SDEE vs IDMEF ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

libidmef 0.7.1 release
... The libidmef development team is pleased to announce the release of ... Libidmef is an implementation of IDMEF in c. ... Intrusion Detection Working Group, ... Project Homepage: http://www.silicondefense.com/idwg/libidmef/ ...
(Focus-IDS)
RE: SDEE vs IDMEF ?
... XML and as such massively slow to generate and because they ... for Snort, if people prefer IDMEF, you can still use it. ... >SDEE is a Network Intrusion Detection System Alert Format. ... there's already IDMEF (Intrusion Detection Message Exchange ...
(Focus-IDS)