IDS mailing list archives
RE: SDEE vs IDMEF ?
From: "Rob Shein" <shoten () starpower net>
Date: Fri, 12 Mar 2004 15:34:06 -0500
The consortium behind SDEE dates back to 1998, according to the press release: "ICSA Labs formed the IDSC consortium in 1998 to provide product developers an open forum within which they could work towards common goals." So my guess is that they started before IDMEF began (if one of the first things they did was start working towards what is now called SDEE), or they got tired of waiting for IDMEF and decided to take care of it themselves.
-----Original Message-----
From: Sebastien Tricaud [mailto:toady () gscore org]
Sent: Thursday, March 11, 2004 2:26 AM
To: focus-ids () securityfocus com
Subject: SDEE vs IDMEF ?

Hi everybody,

According to this press release:
http://www.trusecure.com/company/press/pr_20040223.shtml
SDEE is a Network Intrusion Detection System Alert Format.

However, there's already IDMEF (Intrusion Detection Message Exchange Format) for that purpose. You can find the latest IDMEF draft there:
http://www1.ietf.org/internet-drafts/draft-ietf-idwg-idmef-xml-11.txt

IDMEF will become standardized shortly, I wonder why Cisco, ISS and Sourcefire joined their forces to do something similar.

Any idea?

Thanks,
Sebastien.