The Common Intrusion Detection Framework - Data Formats
draft-staniford-cidf-data-formats-00

Document Type Expired Internet-Draft (individual)
Authors Brian Tung, Stuart Staniford-Chen, Phil Porras, Clifford Kahn, Dan Schnackenberg, Rich Feiertag, Maureen Stillman
Last updated 1998-03-16
Stream (None)
Intended RFC status (None)
Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-staniford-cidf-data-formats-00.txt

Abstract

This document defines portions of the Common Intrusion Detection Framework (CIDF), specifically the data formats used. CIDF is designed to allow intrusion detection systems (IDS) to interoperate with one another. Two layered formats are defined here. Gidos are a high-level data structure intended to allow IDS systems to exchange messages describing the state of the world, events occurring, and recommended actions with somewhat standardized semantics. Gidos can be encoded in CIDF messages, the format for which is also defined here.

Authors

Brian Tung (brian@isi.edu)
Stuart Staniford-Chen (stuart@silicondefense.com)
Phil Porras (porras@csl.sri.com)
Clifford Kahn (c.kahn@opengroup.org)
Dan Schnackenberg (dan@baker.ds.boeing.com)
Rich Feiertag (feiertag@tis.com)
Maureen Stillman (maureen.stillman@nokia.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)