Intrusion Detection Exchange Format (idwg)

In addition to this official charter maintained by the IETF Secretariat, there is additional information about this working group on the Web at:

       Additional IDWG Web Page

Last Modified: 2005-01-26

Chair(s):

  • Michael Erlinger <mike@cs.hmc.edu>

    Security Area Director(s):

  • Russ Housley <housley@vigilsec.com>
  • Sam Hartman <hartmans-ietf@mit.edu>

    Security Area Advisor:

  • Sam Hartman <hartmans-ietf@mit.edu>

    Mailing Lists:

    General Discussion: idwg-l@hmc.edu
    To Subscribe: listkeeper@hmc.edu
    In Body: 'subscribe idwg-l' in the body
    Archive: http://www.izerv.net/idwg-public/

    Description of Working Group:

    Security incidents are becoming more common and more serious, and
    intrusion detection systems are becoming of increasing commercial
    importance.  Numerous intrusion detection systems are important in the
    market and different sites will select different vendors. Since
    incidents are often distributed over multiple sites, it is likely that
    different aspects of a single incident will be visible to different
    systems.  Thus it would be advantageous for diverse intrusion
    detection systems to be able to share data on attacks in progress.

    The purpose of the Intrusion Detection Working Group is to define data
    formats and exchange procedures for sharing information of interest to
    intrusion detection and response systems, and to management systems
    which may need to interact with them.  The Intrusion Detection Working
    Group will coordinate its efforts with other IETF Working Groups.

    The outputs of this working group will be:

    1. A requirements document, which describes the high-level functional
      requirements for communication between intrusion detection systems
      and requirements for communication between intrusion detection
      systems and with management systems, including the rationale for
      those requirements.  Scenarios will be used to illustrate the
      requirements.

    2. A common intrusion language specification, which describes data
      formats that satisfy the requirements.

    3. A framework document, which identifies existing protocols best used
      for communication between intrusion detection systems, and describes
      how the devised data formats relate to them.

    Goals and Milestones:

    Done  Submit Requirements document as an Internet-Draft
    Done  Submit Framework and Language documents as Internet-Drafts
    Done  Submit Requirements document to IESG for consideration as an RFC.
    Done  Submit Language documents to IESG for consideration as RFCs.
    Done  Submitt transport documnet to IESG for consideration as RFCs

    No Current Internet-Drafts

    Request For Comments:

    The TUNNEL Profile (RFC 3620) (35365 bytes)
    Intrusion Detection Mesage Exchange Requirements (RFC 4766) (50816 bytes)
    The Intrusion Detection Message Exchange Format (IDMEF) (RFC 4765) (307966 bytes)
    The Intrusion Detection Exchange Protocol (IDXP) (RFC 4767) (56048 bytes)
    IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.

    Return to working group directory.

    Return to IETF home page.