Current Meeting Report
Jabber Logs

2.6.4 Intrusion Detection Exchange Format (idwg)

NOTE: This charter is a snapshot of the 55th IETF Meeting in Altanta, Georgia USA. It may now be out-of-date.

Last Modifield: 04/04/2002

Michael Erlinger <>
Stuart Staniford-Chen <>
Security Area Director(s):
Jeffrey Schiller <>
Steve Bellovin <>
Security Area Advisor:
Steve Bellovin <>
Mailing Lists:
General Discussion:
To Subscribe:
Description of Working Group:
Security incidents are becoming more common and more serious, and intrusion detection systems are becoming of increasing commercial importance. Numerous intrusion detection systems are important in the market and different sites will select different vendors. Since incidents are often distributed over multiple sites, it is likely that different aspects of a single incident will be visible to different systems. Thus it would be advantageous for diverse intrusion detection systems to be able to share data on attacks in progress.

The purpose of the Intrusion Detection Working Group is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to management systems which may need to interact with them. The Intrusion Detection Working Group will coordinate its efforts with other IETF Working Groups.

The outputs of this working group will be:

1. A requirements document, which describes the high-level functional requirements for communication between intrusion detection systems and requirements for communication between intrusion detection systems and with management systems, including the rationale for those requirements. Scenarios will be used to illustrate the requirements.

2. A common intrusion language specification, which describes data formats that satisfy the requirements.

3. A framework document, which identifies existing protocols best used for communication between intrusion detection systems, and describes how the devised data formats relate to them.

Goals and Milestones:
Done  Submit Requirements document as an Internet-Draft
Done  Submit Framework and Language documents as Internet-Drafts
Done  Submit Requirements document to IESG for consideration as an RFC.
Done  Submit Language documents to IESG for consideration as RFCs.
Done  Submitt transport documnet to IESG for consideration as RFCs
  • - draft-ietf-idwg-requirements-07.txt
  • - draft-ietf-idwg-idmef-xml-07.txt
  • - draft-ietf-idwg-beep-tunnel-02.txt
  • - draft-ietf-idwg-beep-idxp-05.txt
  • No Request For Comments

    Current Meeting Report

    Minutes Minutes, 55th IETF
    Intrusion Detection Working Group (IDWG) of the Security Area.
    TThe IDWG met at 0900 on Thursday of the 55th IETF, Atlanta
    Mike Erlinger reviewed agenda.  The group had no changes to propose.
    Mike gave an overview of the status of each of the groups four 
    IESG reviewed and made various minor editorial comments.  Now back in the 
    AD's inbox.  Version 07 to mail list, and 07 posted.
    IESG reviewed and requested various minor changes.  Version 04 to mail 
    list, 04 posted.
    Requirements doc.
    IESG reviewed and suggested minor changes.  Version 10 to mail list, 10 
    IDMEF - AD reviewed and requested various minor changes, a couple that were 
    actually substantive (basically the document wasn't completely XML 
    compliant).  Version 09 to mailing list, 07 is posted (didn't quite make the 
    deadline).  The AD requested we take out the long intro on XML and make it a 
    separate document, but we will keep it.
    All documents are now with Steve Bellovin who has committed to act on them 
    within two weeks.
    Status of group:
    Idle awaiting action by IESG.


    None received.