Dear David,
thanks for your pointer to the SACM WG. I have also posted it within the
SACM community for any comments, feedback, suggestions, notations,
hints, recommendations, etc., but haven't received any response or
feedback on the Internet Draft so far. I hope this will change and that a
lively discussion will come up.
Kind regards
B.-C. Boesch
On 02.02.2015 at 18:32, David Harrington wrote:
I think similar work is being addressed in the sacm wg.
David Harrington
ietfdbh(_at_)comcast(_dot_)net
On Jan 18, 2015, at 3:23 AM, B.-C. Boesch <bjoernboesch(_at_)gmx(_dot_)net>
wrote:
Dear Community,
The efficiency of Intrusion Detection Systems (IDS) depends on their configuration
and on their coverage of services. The coverage depends on the IDS in use, which
currently have vendor-specific configurations. When multiple systems are used,
operations can become complex. Because communication between the management
interface and the IDS entities is individual to each product, current multi-vendor
IDS architectures do not interact with each other; they merely coexist independently.
The Internet Draft defines data formats and exchange procedures to standardize
the exchange of parametrization information into intrusion detection and response
systems, from a Manager to an Analyzer.
The resulting Intrusion Detection Parametrization Exchange Format (IDPEF) is
intended to be a standard data format for parametrizing IDS. The development of
this open, standardized format, in combination with the Intrusion Detection Message
Exchange Format (IDMEF), will enable interoperability among commercial,
open source, and research systems, allowing users to mix and match the
deployment of these systems according to their strong and weak points to obtain
an optimal IDS implementation.
The most obvious place to implement IDPEF is in the data channel between a
Manager and an Analyzer of an IDS, where the Manager sends the configuration
parameters to the Analyzers. But there are other places where IDPEF can be useful:
- Combining specialized IDS, such as application IDS, server IDS, WLAN IDS
and network IDS, into one functionally interacting meta-IDS.
- Managing IDS from different vendors through one central management interface.
- Interaction between different IDS by using IDPEF and IDMEF.
- Backup and restore of the parametrization of IDS entities.
- Communication between a Manager and another Manager in a multi-stage
management architecture.
I am happy to invite you to give me feedback, suggestions, notations, hints,
recommendations, etc. to improve the Internet Draft. The initial version of the
Internet Draft can be found at:
http://www.ietf.org/id/draft-boesch-idxp-idpef-00.txt
Kind regards,
B.-C. Boesch
_______________________________________________
OPSAWG mailing list
OPSAWG(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/opsawg