The Common Intrusion Detection Framework - Data Formats

Document Type: Expired Internet-Draft (individual)
Authors: Brian Tung, Stuart Staniford-Chen, Phil Porras, Clifford Kahn, Dan Schnackenberg, Rich Feiertag, Maureen Stillman
Last updated: 1998-03-16
Stream: (None)
Intended RFC status: (None)
Expired & archived

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines portions of the Common Intrusion Detection Framework (CIDF), specifically the data formats used. CIDF is designed to allow intrusion detection systems (IDSs) to interoperate with one another. Two layered formats are defined here. Gidos are a high-level data structure intended to allow IDSs to exchange messages describing the state of the world, events occurring, and recommended actions, with somewhat standardized semantics. Gidos can be encoded in CIDF messages, the format for which is also defined here.

