IDS mailing list archives

Re: new intrusion detection system

From: Matt Bing <matt () mutedwarf com>
Date: Thu, 21 Oct 2004 16:51:20 -0400

Herve Debar said:

the IETF effort is the IDMEF/IDXP work. It is still alive :-)


The standard has taken so long to produce, the industry has already shifted 
focus to IPS and flow-analysis that exceed the initial design considerations 
of IDMEF. On top of that, an entirely new field of log aggregators partnering
with IDS vendors have already superceded the need for a standard IDS logging
format. 

It's certainly a hard problem (look how far IDMEF came from CIDF) and it 
makes a lot of important points, but it seems to be the answer to a question 
nobody asked.

full-disclosure: I am *not* a vendor :)

--matt

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

Current thread:

new intrusion detection system Tomas Pluskal (Oct 19)
- Re: new intrusion detection system Gautam Singaraju (Oct 21)
- <Possible follow-ups>
- RE: new intrusion detection system Kendzierski, Charles V. (Oct 21)
  - Re: new intrusion detection system Gautam Singaraju (Oct 21)
  - Re: new intrusion detection system Herve Debar (Oct 21)
    - Re: new intrusion detection system Matt Bing (Oct 21)