|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: new intrusion detection system
From: Matt Bing (matt
mutedwarf.com)
Date: Thu Oct 21 2004 - 15:51:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Herve Debar said:
> the IETF effort is the IDMEF/IDXP work. It is still alive :-)
The standard has taken so long to produce, the industry has already shifted
focus to IPS and flow-analysis that exceed the initial design considerations
of IDMEF. On top of that, an entirely new field of log aggregators partnering
with IDS vendors have already superceded the need for a standard IDS logging
format.
It's certainly a hard problem (look how far IDMEF came from CIDF) and it
makes a lot of important points, but it seems to be the answer to a question
nobody asked.
full-disclosure: I am *not* a vendor :)
--matt
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]