In search of security event standards

January 3rd, 2005 | No Comments | Posted in General Technologies

Did I post this one before?

I am not sure any of the companies mentioned in the article are actually doing anything to define a new log format standard, other than maybe IBM’s Common Event Infrastructure and Common Base Event format. But even IBM’s approach makes a single log entry extremely complicated.

Security point products such as IDSes, anti-virus gateways, and vulnerability scanners tend to use proprietary formats for reporting, recording network events, and issuing alerts.

Word!

This is one of the biggest problems for any company trying to aggregate and report on logs, and it remains an area that requires huge effort.

And the standard formats that do exist — such as SNMP and syslog files — are limited in what they can convey.

Well, SNMP and syslog are really just event or log transport standards. They don’t limit what information can be conveyed.
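As an added illustration of that transport-versus-content point (example code written for this post, not taken from the article, IBM, or any vendor mentioned): the Python below wraps two constructed, hypothetical product payloads, a key=value IDS alert and a positional CSV anti-virus alert, in the same RFC 3164 syslog envelope. The envelope parses identically for both; every bit of normalization effort lands in the per-product payload parsers, which is exactly where the aggregation pain lives.

```python
import re

# Constructed sample lines in RFC 3164 syslog framing. The product tags
# "sensord" (IDS) and "avgate" (anti-virus gateway) and all hosts/addresses
# are hypothetical; the payload formats are typical vendor-specific styles.
SAMPLE_LINES = [
    '<134>Jan  3 10:15:02 ids01 sensord: sig=1201 sev=high src=10.0.0.5 dst=10.0.0.9 msg="port scan"',
    "<132>Jan  3 10:15:07 avgw02 avgate[712]: ALERT,Worm.Generic,quarantined,10.0.0.5,mail-1",
    "<13>Jan  3 10:16:00 fw03 kernel: link state changed",
]

# The syslog transport header: PRI, timestamp, host, tag[pid], free-form message.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def parse_syslog(line):
    """Split the transport envelope off; the payload is returned untouched."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line: %r" % line)
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group("host"),
            "tag": m.group("tag"), "msg": m.group("msg")}

def parse_kv_payload(msg):
    """sensord style: key=value pairs, values may be double-quoted."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', msg)}

def parse_csv_payload(msg):
    """avgate style: fixed positional CSV, meaning is known only from vendor docs."""
    kind, threat, action, src, target = msg.split(",")
    return {"kind": kind, "threat": threat, "action": action, "src": src, "target": target}

# One parser per product: this table is the part that has to grow with every new device.
PAYLOAD_PARSERS = {"sensord": parse_kv_payload, "avgate": parse_csv_payload}

def normalize(line):
    """Map any supported product's payload onto a common event record; keep raw text for audit."""
    hdr = parse_syslog(line)
    event = {"source_host": hdr["host"], "product": hdr["tag"],
             "syslog_severity": hdr["severity"], "raw": hdr["msg"]}
    parser = PAYLOAD_PARSERS.get(hdr["tag"])
    if parser is None:          # transport parsed fine, content is opaque to us
        return event
    fields = parser(hdr["msg"])
    event["src_ip"] = fields.get("src")
    event["summary"] = fields.get("msg") or fields.get("threat")
    return event

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(normalize(sample))
```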
