Attack Taxonomies


Attack Taxonomies

Michael Starks
AlienVault has created a taxonomy to describe security events. Details
about it can be described here:
http://labs.alienvault.com/labs/index.php/projects/open-source-security-event-taxonomy/

In the post, they mention that Snort and Suricata have begun to adopt
the taxonomy. How does this compare with the CEE taxonomy? Would you
consider them complementary or competing?

Re: Attack Taxonomies

Anton Chuvakin
Well, a quick look at past CEE whitepapers (at cee.mitre.org) will
give you the answer. In general, CEE discussions back in 2005 started
from our collective experience with the inadequacy of tree-based
taxonomies (category -> event type -> specific event). Over time, they
revolt and kill their creators :-)

It is possible to map an O-A-S CEE taxonomy to any tree-based
taxonomy, of course.


On Fri, Jul 27, 2012 at 8:10 PM, Michael Starks
<[hidden email]> wrote:
> AlienVault has created a taxonomy to describe security events. Details about
> it can be described here:
> http://labs.alienvault.com/labs/index.php/projects/open-source-security-event-taxonomy/
>
> In the post, they mention that Snort and Suricata have begun to adopt the
> taxonomy. How does this compare with the CEE taxonomy? Would you consider
> them complementary or competing?



--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin
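The reply above says a CEE Object-Action-Status (O-A-S) taxonomy can be mapped onto any tree-based taxonomy (category -> event type -> specific event). The following is an added illustration of what such a mapping looks like and what it costs; it is not code from this thread, from CEE, or from AlienVault. The tree, the mapping rules, the event field names (`object`, `action`, `status`) and the sample events are all constructed for the example.

```python
"""Illustrative mapping from CEE-style Object-Action-Status (O-A-S) event
tags to a tree-based taxonomy (category -> event type -> specific event).

Constructed example: the tree, the rules and the sample events below are
hypothetical; they are not AlienVault's or CEE's actual definitions.
"""
from collections import defaultdict

ANY = "*"  # wildcard inside a rule pattern

# Rules are tried in order; the first matching pattern wins.  Each rule maps
# an (object, action, status) pattern to a path in a hypothetical tree.
RULES = [
    (("account", "login", "failure"), ("Authentication", "Login", "Failed login")),
    (("account", "login", "success"), ("Authentication", "Login", "Successful login")),
    (("account", "logout", ANY),      ("Authentication", "Logout", "Logout")),
    (("file", "delete", "success"),   ("Integrity", "File change", "File deleted")),
    (("file", ANY, "failure"),        ("Integrity", "File change", "File operation denied")),
    (("process", "start", ANY),       ("System", "Process", "Process started")),
    ((ANY, ANY, ANY),                 ("Other", "Unclassified", "Unclassified")),
]


def _matches(pattern, oas):
    """True when every pattern element is a wildcard or equals the value."""
    return all(p == ANY or p == v for p, v in zip(pattern, oas))


def to_tree_path(event):
    """Return the tree path for an event dict carrying the (assumed) keys
    'object', 'action' and 'status'.  Any other keys are ignored."""
    oas = (event.get("object", ""), event.get("action", ""), event.get("status", ""))
    for pattern, path in RULES:
        if _matches(pattern, oas):
            return path
    raise ValueError("no rule matched")  # unreachable while the catch-all rule is last


def classify(events):
    """Map every event to its tree path and group them, so the many-to-one
    collapse the tree imposes becomes visible: {path: [events]}."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[to_tree_path(ev)].append(ev)
    return dict(buckets)


def ambiguous_paths(buckets):
    """Paths that absorbed more than one distinct O-A-S triple.  For these,
    the tree path alone can no longer tell you which triple produced the
    event: this is the information the flat triple keeps and the tree loses."""
    out = {}
    for path, evs in buckets.items():
        triples = {(e["object"], e["action"], e["status"]) for e in evs}
        if len(triples) > 1:
            out[path] = sorted(triples)
    return out


# Constructed sample events in an O-A-S style (not real log data).
SAMPLE_EVENTS = [
    {"object": "account", "action": "login",   "status": "failure", "user": "alice"},
    {"object": "account", "action": "login",   "status": "success", "user": "alice"},
    {"object": "account", "action": "logout",  "status": "success", "user": "alice"},
    {"object": "file",    "action": "delete",  "status": "success", "path": "/tmp/report.tmp"},
    {"object": "file",    "action": "read",    "status": "failure", "path": "/var/log/app.log"},
    {"object": "file",    "action": "write",   "status": "failure", "path": "/var/log/app.log"},
    {"object": "process", "action": "start",   "status": "success", "name": "sshd"},
    {"object": "account", "action": "disable", "status": "success", "user": "bob"},
]

if __name__ == "__main__":
    buckets = classify(SAMPLE_EVENTS)
    for path, evs in buckets.items():
        print(" / ".join(path), "<-", len(evs), "event(s)")
    print("paths that lost the O-A-S distinction:", ambiguous_paths(buckets))
```

The design point is that the mapping direction is one-way: a rule table like `RULES` can always send an O-A-S triple somewhere in a tree (the catch-all rule guarantees it), but once two triples share a leaf, as `file/read/failure` and `file/write/failure` do here, the tree path cannot be mapped back to the triple. Keeping the original `object`, `action` and `status` fields on the event alongside the derived path avoids that loss.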