CEE Status Update


heinbockel
19 June 2009

CEE Update:
Proposal for BlackHat USA
-------------------------
MITRE has been busily working on a proposal for the architecture and
specifications that comprise CEE. This proposal is based on ideas and
feedback contributed by experts in the field.

In order to handle the complexity of the event log space and its
numerous use cases, CEE needs to be well architected, useful, and
above all, simple. In addition, CEE should look to leverage existing
standards wherever possible.

Following from the CEE Whitepaper, the proposal divides CEE into
five (5) areas:
  1. Data Dictionary - CEE data element names and types
  2. Taxonomies - event categories/types
  3. Event Profiles - log templates for various event taxons
  4. Encoding Specifications - how to encode CEE data into XML,
plaintext, and binary
  5. Transport Specifications - how to transmit CEE encoded data

We are in the process of putting the finishing touches on the
proposal, and it will be posted on the CEE website in time for the
BlackHat USA Conference on 28 July 2009.


CEE BOF Meeting at RSA
----------------------
There was a CEE Birds-of-a-Feather meeting during the RSA Conference
in San Francisco last month. We are glad to report that most of the
CEE Board Members were able to attend.

The reports from that meeting were all positive. Many attendees shared
their ideas on log standards and how best to organize CEE. It was
a real surprise (and a good outlook for CEE) that everybody had similar
approaches.

These ideas have been incorporated into the aforementioned proposal.


William Heinbockel
Infosec Engineer, Sr.
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
781-271-2615
