[siem-users] Testing
Anton Chuvakin
anton at chuvakin.org
Tue Dec 21 21:05:49 UTC 2010
> Sorry for the long-winded answer, but adoption is going to be a huge effort and we need
> everyone's help to get it out there. We have RedHat and Microsoft on the board. Hope that will
IMHO, it will be adopted - to some extent. The team has studied all
the past (failed) efforts to get logging standardized - from IDMEF
(sorry! :-)) to SDEE and others.
Adoption will include:
- adoption by log producers. Of course, major software vendors will be
slow to adopt, but converters will help - e.g. Windows XML -> CEE is
one of the use cases which will almost definitely happen. Small
vendors will jump - some are already jumping to adopt CEF (from AS/HP)
since it is easy to do and they want their logs collected/correlated
- adoption by consumers such as SIEM and log mgt products. These guys
will only benefit so adoption is nearly assured - again with
mapping/conversion first
- adoption by operators of the above systems: MITRE + US Govt =
standard adoption magic :-)
--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Consulting: http://www.securitywarriorconsulting.com
Twitter: @anton_chuvakin
Google Voice: +1-510-771-7106