Intrusion Detection Exchange Format (idwg) Internet Drafts


      
 Intrusion Detection Message Exchange Requirements
 
 draft-ietf-idwg-requirements-10.txt
 Date: 23/10/2002
 Authors: Mark Wood, Michael Erlinger
 Working Group: Intrusion Detection Exchange Format (idwg)
 Formats: txt
The purpose of the Intrusion Detection Exchange Format Working Group (IDWG) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems which may need to interact with them. This Internet-Draft describes the high-level requirements for such a communication mechanism, including the rationale for those requirements where clarification is needed. Scenarios are used to illustrate some requirements.
 The Intrusion Detection Message Exchange Format
 
 draft-ietf-idwg-idmef-xml-16.txt
 Date: 22/03/2006
 Authors: Hervé Debar
 Working Group: Intrusion Detection Exchange Format (idwg)
 Formats: txt
The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems which may need to interact with them. This Internet-Draft describes a data model to represent information exported by intrusion detection systems, and explains the rationale for using this model. An implementation of the data model in the Extensible Markup Language (XML) is presented, an XML Document Type Definition is developed, and examples are provided.
 The Intrusion Detection Exchange Protocol (IDXP)
 
 draft-ietf-idwg-beep-idxp-07.txt
 Date: 23/10/2002
 Authors: Benjamin Feinstein, Gregory Matthews, John White
 Working Group: Intrusion Detection Exchange Format (idwg)
 Formats: txt
This memo describes the Intrusion Detection Exchange Protocol (IDXP), an application-level protocol for exchanging data between intrusion detection entities. IDXP supports mutual-authentication, integrity, and confidentiality over a connection-oriented protocol. The protocol provides for the exchange of IDMEF messages, unstructured text, and binary data. The IDMEF message elements are described in the Intrusion Detection Message Exchange Format (IDMEF) [2], a companion document of the Intrusion Detection Exchange Format (IDWG) working group of the IETF.



Intrusion Detection Exchange Format (idwg)


In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       Additional IDWG Web Page

Last Modified: 2005-01-26

Chair(s):

  • Michael Erlinger <mike@cs.hmc.edu>

    Security Area Director(s):

  • Russ Housley <housley@vigilsec.com>
  • Sam Hartman <hartmans-ietf@mit.edu>

    Security Area Advisor:

  • Sam Hartman <hartmans-ietf@mit.edu>

    Mailing Lists:

    General Discussion: idwg-l@hmc.edu
    To Subscribe: listkeeper@hmc.edu
    In Body: 'subscribe idwg-l' in the body
    Archive: http://www.izerv.net/idwg-public/

    Description of Working Group:

    Security incidents are becoming more common and more serious, and
    intrusion detection systems are becoming of increasing commercial
    importance.  Numerous intrusion detection systems are important in the
    market and different sites will select different vendors. Since
    incidents are often distributed over multiple sites, it is likely that
    different aspects of a single incident will be visible to different
    systems.  Thus it would be advantageous for diverse intrusion
    detection systems to be able to share data on attacks in progress.

    The purpose of the Intrusion Detection Working Group is to define data
    formats and exchange procedures for sharing information of interest to
    intrusion detection and response systems, and to management systems
    which may need to interact with them.  The Intrusion Detection Working
    Group will coordinate its efforts with other IETF Working Groups.

    The outputs of this working group will be:

    1. A requirements document, which describes the high-level functional
      requirements for communication between intrusion detection systems
      and requirements for communication between intrusion detection
      systems and with management systems, including the rationale for
      those requirements.  Scenarios will be used to illustrate the
      requirements.

    2. A common intrusion language specification, which describes data
      formats that satisfy the requirements.

    3. A framework document, which identifies existing protocols best used
      for communication between intrusion detection systems, and describes
      how the devised data formats relate to them.

    Goals and Milestones:

    Done  Submit Requirements document as an Internet-Draft
    Done  Submit Framework and Language documents as Internet-Drafts
    Done  Submit Requirements document to IESG for consideration as an RFC.
    Done  Submit Language documents to IESG for consideration as RFCs.
    Done  Submit transport document to IESG for consideration as RFCs

    Internet-Drafts:

    Intrusion Detection Message Exchange Requirements (56951 bytes)
    The Intrusion Detection Message Exchange Format (324256 bytes)
    The Intrusion Detection Exchange Protocol (IDXP) (63606 bytes)

    Request For Comments:

    The TUNNEL Profile (RFC 3620) (35365 bytes)
