From: Patrick Mueller (pmuellerNEOHAPSIS.COM)
Date: Wed Apr 04 2001 - 10:20:52 CDT

    On Wed, 4 Apr 2001, Mike Ruscher wrote:

    > The CIDF promised some early hope that this would be realized in a
    > reasonable timeframe. I haven't heard a peep out of that community, nor the
    > IETF, since the infamous "demo" CIDF experiment a long while ago.

    For all intents and purposes (for various reasons), CIDF is dead and gone
    (yes, the site is still out there) and the good things that came out of it
    have been rolled into the IDWG (Intrusion Detection Working Group, part of
    the IETF).

    Have a look at http://www.ietf.org/html.charters/idwg-charter.html

    The intent is to have the documents proceed to draft status at the August
    meeting of the IETF, though that is obviously not guaranteed. Progress
    looks promising, as there are various implementations at different stages
    of completion, and there is talk of at least one of the major vendors
    committing to plugging in support for the standards (don't ask who, as I
    can't say).

    Snort even already has support for the IDMEF (Intrusion Detection Message
    Exchange Format). See http://www.silicondefense.com/idwg/snort-idmef/

    As you can tell, I'm hyping this since I'm all in favor of open standards,
    which I think will allow the IDS industry to come to the next level of
    maturity.

    --
            -- Patrick
    

    Patrick Mueller === Security Analyst === <pmuellerneohapsis.com> ----- Neohapsis <www.neohapsis.com> -----