Authors: M. Erlinger, B. Feinstein, G. Matthews, S. Staniford, A. Walther
DOI: 10.1109/ACSAC.2001.991527
Abstract: Intrusion detection is an area of increasing concern in the Internet community. In response to this, many automated intrusion detection systems (IDS) have been developed, e.g., commercial (RealSecure) and public domain (SNORT). However, there is no standardized way for IDS to communicate with each other or with a common manager. To remedy this, the Intrusion Detection Working Group (IDWG) was chartered under the auspices of the Internet Engineering Task Force. The IDWG has published its specifications for a standard alert format (IDMEF) and a transport protocol (IDXP). Such specifications remain an academic exercise until the community adopts them. This forum will discuss issues related to their adoption and, in particular, their implementation and use. The IDMEF message format for IDS-generated alerts uses XML as its underlying encoding. The format is designed to include (what are believed to be) fields for all the important information found in the current set of alerts generated by a large subset of available systems. It is only with experience that we will be able to determine if the specification is both complete and reasonable. IDXP, the transport protocol, is built on the new IETF application-level protocol BEEP (RFC 3080). Implementation is needed to convince the community that IDXP is an appropriate protocol. The forum will begin with a quick overview of the standards. This introduction will be followed by presentations from implementers and vendors discussing IDMEF and IDXP, focusing on a reference implementation of IDMEF, an IDMEF plug-in for SNORT, development of an IDMEF-based manager, and related activities.