Dear community,
I have posted the attached draft and am looking for feedback from people with
security management and / or security (IDS) operations expertise
(including IDS developers). I am particularly interested in your opinions
on the communication proceedings, the parametrization methodology and
the provided attributes (and any I did not think of). If the text needs
updating from your point of view, please let me know that as well. Here is
the link to the new draft:
http://www.ietf.org/id/draft-boesch-idxp-idpef-01.txt
At first view the draft looks very long, but after page 44 a lot of
examples and definitions are included for better understanding. So the
first 43 pages are primarily in scope for feedback, but feedback on the
other pages is welcome, too.
Abstract
The Intrusion Detection Parametrization Exchange Format (IDPEF) defines
data formats and exchange procedures to standardize parametrization
information exchange into intrusion detection and response systems from
an independent central Manager to any Analyzer. The IDPEF enables a
combination of different (vendor and analyzing technique) IDS Analyzers
under one independent central Manager. Separate operation of each IDS is
no longer needed. The basis is a new parametrization methodology where IDS
operating parameters (configurations) are separated into an environmental
parametrization part and a vendor-specific analyzing part.
This Internet-Draft describes a data model to represent parametrization
information of intrusion detection system entities, and explains the
rationale for using this model. An implementation of the data model in
the Extensible Markup Language (XML) is presented, an XML Document Type
Definition is developed, and parametrization examples are provided.
I am looking forward to your suggestions, feedback, notations, hints,
recommendations, etc. to improve the Internet Draft. Native-speaker
feedback on wording and typos is also welcome.
Kind regards,
Bjoern-C.
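To make the two-part parametrization idea from the abstract concrete, here is an added example (not from the draft, the draft's DTD, or the author): a small Python reader for a constructed XML parametrization message that carries one shared environmental part and several vendor-specific analyzer parts. Element and attribute names (`Parametrization`, `Environment`, `MonitoredNetwork`, `Service`, `AnalyzerSpecific`, `Option`) are hypothetical placeholders, not IDPEF's; the code shows how a Manager can ship one document and how an Analyzer extracts only the environment plus its own vendor block, validating what it receives before applying it.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample message. The element and attribute names below are
# hypothetical and are NOT taken from the IDPEF draft or its DTD.
SAMPLE_MESSAGE = """<?xml version="1.0" encoding="UTF-8"?>
<Parametrization manager="central-mgr-01">
  <Environment>
    <MonitoredNetwork address="192.0.2.0" netmask="255.255.255.0"/>
    <MonitoredNetwork address="198.51.100.0" netmask="255.255.255.0"/>
    <Service name="http" port="80"/>
    <Service name="smtp" port="25"/>
  </Environment>
  <AnalyzerSpecific vendor="vendorA" analyzer="sensor-a">
    <Option name="signature_set" value="web"/>
  </AnalyzerSpecific>
  <AnalyzerSpecific vendor="vendorB" analyzer="sensor-b">
    <Option name="anomaly_threshold" value="0.8"/>
  </AnalyzerSpecific>
</Parametrization>
"""


def parse_parametrization(text):
    """Split a message into (environment, analyzers).

    environment: dict with validated 'networks' and 'services' lists.
    analyzers:   dict keyed by analyzer id -> {'vendor': ..., 'options': {...}}.
    Raises ValueError on structural problems so a bad message is rejected
    rather than partially applied.  Parser choice is an assumption: the
    stdlib parser is used here for a self-contained example.
    """
    root = ET.fromstring(text)
    if root.tag != "Parametrization":
        raise ValueError("root element must be Parametrization")

    env = root.find("Environment")
    if env is None:
        raise ValueError("missing Environment part")

    networks = []
    for net in env.findall("MonitoredNetwork"):
        # ipaddress rejects malformed addresses and host bits set in the prefix.
        network = ipaddress.ip_network(
            (net.get("address"), net.get("netmask")), strict=True)
        networks.append(str(network))

    services = []
    for svc in env.findall("Service"):
        port = int(svc.get("port"))
        if not 0 < port < 65536:
            raise ValueError("service port out of range: %d" % port)
        services.append((svc.get("name"), port))

    environment = {"networks": networks, "services": services}

    analyzers = {}
    for block in root.findall("AnalyzerSpecific"):
        analyzer_id = block.get("analyzer")
        if analyzer_id is None or analyzer_id in analyzers:
            raise ValueError("AnalyzerSpecific needs a unique analyzer id")
        analyzers[analyzer_id] = {
            "vendor": block.get("vendor"),
            "options": {o.get("name"): o.get("value")
                        for o in block.findall("Option")},
        }
    return environment, analyzers


def config_for_analyzer(text, analyzer_id):
    """Analyzer side: keep the shared environment and only this analyzer's
    own vendor-specific options; other vendors' blocks are dropped."""
    environment, analyzers = parse_parametrization(text)
    if analyzer_id not in analyzers:
        raise KeyError("no AnalyzerSpecific block for %s" % analyzer_id)
    own = analyzers[analyzer_id]
    return {"environment": environment,
            "vendor": own["vendor"],
            "options": own["options"]}


if __name__ == "__main__":
    cfg = config_for_analyzer(SAMPLE_MESSAGE, "sensor-b")
    print(cfg["vendor"], cfg["options"], cfg["environment"]["networks"])
```

The point of the split is visible in `config_for_analyzer`: the environmental part (what networks and services exist) is the same for every Analyzer under the Manager, while each Analyzer only ever sees its own vendor-specific block, so a Manager can drive analyzers from different vendors with one message format.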