Minute Minutes from April 9 RSA Conference


heinbockel
Here are my notes from the April 9th face-to-face meeting at RSA. Most of the
discussion centered on the XDAS-CEE relationship/overlap, but some other
good discussions were had.



CEE Meeting Minutes
RSA Conference 2008, San Francisco
9 April 2008, 3:00PM PT

Attendees:
Gabriel Coelho-Kostonly, ArcSight
Anton Chuvakin, LogLogic
Raffy Marty, Splunk
Ian Dobson, OpenGroup
Bob Blakely, Burton Group
Eric Fitzgerald, Microsoft
John McReynolds, RSA
Jon Baker/Drew Buttner, MITRE


Topics:

1. Coordinating CEE and XDAS
  XDAS is coordinated by OpenGroup, with the support of Novell
  Similar goals, need to come to agreement on how best to merge

2. Burton Group - analyst, industry rep.
        MITRE is independent: govt. and industry support
        Both have standards experience

3. CEE: Is it 1 standard or 4?

4. Taxonomy is the most important, highest impact
        So is logging recommendations

5. Need lead/editor for each section (maybe per CEE component?)
        Need documentation -- it is hard to organize without much
        written guidance. Should concentrate on flushing out use
        cases, scope, and higher level topics first. We can leave
        the technical stuff for later.

6. Field list is easier, but still not without debate
        source vs. src_ip vs. ipv4/ipv6, not every network is IP...

7. Common Event Standard SIG happening at the BurtonGroup
Catalyst conference on 24 June in San Diego. XDAS and
CEE will be highlighted. Need to determine agenda and attendees.


Todo:
1. Send out Whitepaper [draft] to RSA group
2. Start documenting CEE Use Cases and scope



William Heinbockel
Infosec Engineer, Sr.
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
[hidden email]
781-271-2615


