This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
en:index [19.03.2015 16:47] 127.0.0.1 external edit |
en:index [25.04.2016 15:34] ph@cesnet.cz Fix typo |
||
---|---|---|---|
Line 3: | Line 3: | ||
**The specification is nearly definitive. We expect only minor changes.** | **The specification is nearly definitive. We expect only minor changes.** | ||
- | //IDEA// stands for //Intrusion Detection Extensible Alert//. Even though there exists a variety of models for communication between honeypots, agents, detection probes, none of them is really used because of various limitations for general usage. The is attempt to define nowadays requirements and propose foundations for viable solution for security event model, taking into consideration existing formats, their benefits and drawbacks. | + | //IDEA// stands for //Intrusion Detection Extensible Alert//. Even though there exists a variety of models for communication between honeypots, agents, detection probes, none of them is really used because of various limitations for general usage. The IDEA is an attempt to define nowadays requirements and propose foundations for viable solution for security event model, taking into consideration existing formats, their benefits and drawbacks. |
Many administrators run various types of intrusion detection systems, be it honeypots, analysers of systems or system logs, traffic analysers, netflow probes or others. Multitude of data is generated every day, however most of it stays local. Administrators sieve out what is relevant for them and rest of the data goes mostly unused. | Many administrators run various types of intrusion detection systems, be it honeypots, analysers of systems or system logs, traffic analysers, netflow probes or others. Multitude of data is generated every day, however most of it stays local. Administrators sieve out what is relevant for them and rest of the data goes mostly unused. | ||
Line 48: | Line 48: | ||
}, | }, | ||
{ | { | ||
- | "Type": ["CasualIP"], | ||
"IP4": ["10.2.2.0/24"], | "IP4": ["10.2.2.0/24"], | ||
"Anonymised": true | "Anonymised": true | ||
Line 68: | Line 67: | ||
"Node": [ | "Node": [ | ||
{ | { | ||
- | "Name": "kippo-honey", | + | "Name": "cz.cesnet.kippo-honey", |
- | "Realm": "cesnet.cz", | + | "Type": ["Protocol", "Honeypot"], |
- | "Tags": ["Protocol", "Honeypot"], | + | "SW": ["Kippo"], |
- | "SW": "Kippo", | + | |
"AggrWin": "00:05:00" | "AggrWin": "00:05:00" | ||
} | } |