Notes from Telecon--10/24/08

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Notes from Telecon--10/24/08

Durrant, Sheldon A.
CEE Telecon
24 October 2008

CEE will be the most valuable to the community if we take a
top-down approach. This means that we start with a couple
high-level use case drivers, such as regulatory compliance
requirements as well as other log guidance, and determine
what log types and data are necessary to meet those needs.

CEE should aim to be a lightweight standard. However, it
needs to be flexible/extensible enough to support larger,
more complex uses.

At minimum, CEE should require a timestamp and some sort of
event classification.

The standard log data should be self describing, possibly in
the form of name-value pairs. The next version of Syslog
(currently in draft version in IETF) can probably support
this within structured data blocks.

MITRE has briefed CEE to both NATO and the US Dept. of
Defense. Both organizations are interested in standardizing
their computer security infrastructures and have expressed
much interest in CEE.
Additionally, CEE will be being briefed at the MILCOM 2008
Conference in San Diego in November.

MITRE has been approached by several vendors interested in
supporting/implementing CEE in their products.


  To do
  =====

1. MITRE will look at some of the high level PCI, SOX, FISMA
and other log drivers, and will drive the Use Case WG
forward.

2. MITRE will also suggest a couple of diverse use cases to
start driving CEE implementations. These use cases will
probably be to (1) support regulatory needs and (2) support
one of our sponsors' needs for IA/CND log standards.

3. Raffy will post an updated version of his working Data
Dictionary.


  Upcoming Conferences
  ====================

Also, we discussed possible occasions for face-to-face
meet-ups. The following events were suggested:

- SchmooCon, D.C., 6-8 Feb
- SourceBoston, Boston, 9-13 March
- RSA, San Francisco, 20-24 April






Sheldon A. Durrant
Infosec Engineer/Scientist
The MITRE Corporation
202 Burlington Road
M/S S124
Bedford, MA 01730
781-271-7350