I think similar work is being addressed in the SACM WG.

David Harrington
[email protected]
On Jan 18, 2015, at 3:23 AM, B.-C. Boesch <[email protected]> wrote:

> Dear Community,
>
> The efficiency of Intrusion Detection Systems (IDS) depends on their
> configuration and coverage of services. The coverage depends on the IDS
> used, with currently vendor-specific configurations. When multiple
> systems are used, operations can become complex. Individual communication
> between the management interface and the IDS entities results in current
> multi-vendor IDS architectures not interacting with each other. They are
> independent and coexistent.
>
> The Internet Draft defines data formats and exchange procedures to
> standardize the exchange of parametrization information into intrusion
> detection and response systems from a Manager to an Analyzer.
>
> The created Intrusion Detection Parametrization Exchange Format (IDPEF) is
> intended to be a standard data format to parametrize IDS. The development
> of this open standardized format, in combination with the Intrusion
> Detection Message Exchange Format (IDMEF), will enable interoperability
> among commercial, open source, and research systems, allowing users to
> mix-and-match the deployment of these systems according to their strong
> and weak points to obtain an optimal IDS implementation.
>
> The most obvious place to implement IDPEF is in the data channel between a
> Manager and an Analyzer of an IDS, where the Manager sends the
> configuration parameters to the Analyzers. But there are other places
> where IDPEF can be useful:
>
> - Combination of specialized IDS like application-IDS with server-IDS,
>   WLAN-IDS and network-IDS into one functionally interacting meta-IDS.
>
> - Management of different IDS vendors with one central management
>   interface.
>
> - Interaction of different IDS by using IDPEF and IDMEF.
>
> - Parametrization backup and restore of parametrized IDS entities.
>
> - Communication between a Manager and a Manager in a multi-stage
>   management architecture.
>
> I am happy to invite you to give me feedback, suggestions, notations,
> hints, recommendations, etc. to improve the Internet Draft. The initial
> version of the Internet Draft can be found at:
>
> http://www.ietf.org/id/draft-boesch-idxp-idpef-00.txt
>
> Kind regards,
>
> B.-C. Boesch
>
> _______________________________________________
> OPSAWG mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/opsawg
