This shows you the differences between two versions of the page.
en:index [25.04.2016 15:34] ph@cesnet.cz Fix typo |
en:index [01.02.2017 11:13] ph@cesnet.cz |
||
---|---|---|---|
Line 8: | Line 8: | ||
These amounts of data should not go in vain – unusable here might be useful there, moreover when combined and correlated from various sources. | These amounts of data should not go in vain – unusable here might be useful there, moreover when combined and correlated from various sources. | ||
- | Also, in the last couple of years, a number of projects for automated incident report exchange appeared, namely [[https://warden.cesnet.cz/|Warden]], [[http://abusehelper.be/|AbuseHelper]], [[http://n6.cert.pl/|n6]], [[https://gitorious.org/megatron|Megatron]], [[https://code.google.com/p/collective-intelligence-framework/|CIF]] and [[https://www.prelude-ids.org/|Prelude]]). | + | Also, in the last couple of years, a number of projects for automated incident report exchange appeared, namely [[https://warden.cesnet.cz/|Warden]], [[http://abusehelper.be/|AbuseHelper]], [[https://github.com/certtools/intelmq|IntelMQ]], [[http://n6.cert.pl/|n6]], [[https://gitorious.org/megatron|Megatron]], [[https://code.google.com/p/collective-intelligence-framework/|CIF]] and [[https://www.prelude-ids.org/|Prelude]]). |
The format for security event exchange is not something new – the attempts do exist to define languages or formats that would allow for such an exchange, however none of them have been very successful. We realize we cannot create the perfect one, there is never “one size fits all” solution. We would like to hit some middle ground between complexity of IDMEF and free spirit and structure (or lack thereof) of !AbuseHelper, learn from pitfalls of existing projects and based on experience as members of CSIRT team, propose solutions to some of them on the way, taking into consideration recent evolution and requirements in the field. | The format for security event exchange is not something new – the attempts do exist to define languages or formats that would allow for such an exchange, however none of them have been very successful. We realize we cannot create the perfect one, there is never “one size fits all” solution. We would like to hit some middle ground between complexity of IDMEF and free spirit and structure (or lack thereof) of !AbuseHelper, learn from pitfalls of existing projects and based on experience as members of CSIRT team, propose solutions to some of them on the way, taking into consideration recent evolution and requirements in the field. |
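Review bot: The changed line still closes the project list with "[[https://www.prelude-ids.org/|Prelude]])." and that ")" has no matching "(" anywhere in the sentence; since this revision edits the line to add IntelMQ, drop the stray parenthesis in the same change. While the list is being touched, the Megatron and CIF entries point at gitorious.org and code.google.com, both of which have been shut down, so those two links should be re-pointed to the projects' current homes or marked as archived. The unchanged paragraph below also keeps "!AbuseHelper", which looks like a link-escape carried over from another wiki syntax and will show the exclamation mark literally here.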