RE: SDEE vs IDMEF ?

["Rob Shein" <shoten () starpower net>]

The consortium behind SDEE dates back to 1998, according to the press
release:
"ICSA Labs formed the IDSC consortium in 1998 to provide product developers
an open forum within which they could work towards common goals. "
So my guess is that they started before IDMEF began (if one of the first
things they did was start working towards what is now called SDEE), or they
got tired of waiting for IDMEF and decided to take care of it themselves.


> -----Original Message-----
> From: Sebastien Tricaud [mailto:toady () gscore org] 
> Sent: Thursday, March 11, 2004 2:26 AM
> To: focus-ids () securityfocus com
> Subject: SDEE vs IDMEF ?
>
>
> Hi everybody,
>
> According to this press release: 
> http://www.trusecure.com/company/press/pr_20040223.shtml
>
> SDEE is a Network Intrusion Detection System Alert Format.
>
> However, there's already IDMEF (Intrusion Detection Message Exchange
> Format) for that purpose. You can find the latest IDMEF draft 
> there: 
> http://www1.ietf.org/internet-drafts/draft-> ietf-idwg-idmef-xml-11.txt
>
> IDMEF will become standardized shortly, I wonder why Cisco, 
> ISS and Sourcefire joined their forces to do something 
> similar. Any idea ?
>
>
> Thanks,
>
> Sebastien.


---------------------------------------------------------------------------
Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit: 
www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------