Intrusion Detection Message Exchange Format Comparison of SMI and XML Implementations
draft-mansfield-curry-idmef-xmlsmi-01

Document Type: Expired Internet-Draft (individual)
Authors: David Curry, Glenn Mansfield
Last updated: 2000-03-06
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-mansfield-curry-idmef-xmlsmi-01.txt

Abstract

The purpose of the Intrusion Detection Message Exchange Format (IDMEF) is to define data formats and exchange procedures for sharing information of interest to intrusion detection and response systems, and to the management systems which may need to interact with them. The goals and requirements of the IDMEF are described in [3]. Two implementations of the IDMEF data format have been proposed: one using the Structure of Management Information (SMI) to describe an SNMP MIB, and the other using a Document Type Definition (DTD) to describe XML documents. Both representations appear to have their good and bad traits, and deciding between them is difficult. To arrive at an informed decision, the working group tasked the authors to identify and analyze the pros and cons of both approaches, and present the results in the form of an Internet-Draft.

Authors

David Curry (davy@ecn.purdue.edu)
Glenn Mansfield (glenn@cysols.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)