Intrusion Detection Exchange Format (idwg)
------------------------------------------

 Charter
 Last Modified: 2005-01-26

 Current Status: Active Working Group

 Chair(s):
     Michael Erlinger  <mike@cs.hmc.edu>

 Security Area Director(s):
     Russ Housley  <housley@vigilsec.com>
     Sam Hartman  <hartmans-ietf@mit.edu>

 Security Area Advisor:
     Sam Hartman  <hartmans-ietf@mit.edu>

 Mailing Lists:
     General Discussion: idwg-l@hmc.edu
     To Subscribe:       listkeeper@hmc.edu
         In Body:        'subscribe idwg-l'
     Archive:            http://www.izerv.net/idwg-public/

Description of Working Group:

Security incidents are becoming more common and more serious, and
intrusion detection systems are becoming of increasing commercial
importance.  Numerous intrusion detection systems compete in the
market, and different sites will select different vendors.  Since
incidents are often distributed over multiple sites, it is likely that
different aspects of a single incident will be visible to different
systems.  Thus it would be advantageous for diverse intrusion
detection systems to be able to share data on attacks in progress.

The purpose of the Intrusion Detection Working Group is to define data
formats and exchange procedures for sharing information of interest to
intrusion detection and response systems, and to management systems
which may need to interact with them.  The Intrusion Detection Working
Group will coordinate its efforts with other IETF Working Groups.

The outputs of this working group will be:

1. A requirements document, which describes the high-level functional
   requirements for communication between intrusion detection systems 
   and requirements for communication between intrusion detection 
   systems and with management systems, including the rationale for 
   those requirements.  Scenarios will be used to illustrate the 
   requirements.

2. A common intrusion language specification, which describes data 
   formats that satisfy the requirements.

3. A framework document, which identifies existing protocols best used
   for communication between intrusion detection systems, and describes
   how the devised data formats relate to them.

 Goals and Milestones:

   Done         Submit Requirements document as an Internet-Draft 

   Done         Submit Framework and Language documents as Internet-Drafts 

   Done         Submit Requirements document to IESG for consideration as an 
                RFC. 

   Done         Submit Language documents to IESG for consideration as RFCs. 

   Done         Submit Transport document to IESG for consideration as an RFC.


 Internet-Drafts:

Posted   Revised    I-D Title   <Filename>
-------- --------   --------------------------------------------
Jun 1999 Oct 2002   <draft-ietf-idwg-requirements-10.txt>
                Intrusion Detection Message Exchange Requirements

Apr 2000 Mar 2006   <draft-ietf-idwg-idmef-xml-16.txt>
                The Intrusion Detection Message Exchange Format 

Feb 2001 Oct 2002   <draft-ietf-idwg-beep-idxp-07.txt>
                The Intrusion Detection Exchange Protocol (IDXP) 

 Request For Comments:

  RFC      Status    Published   Title
-------- ---------- ----------- ------------------------------------
RFC 3620 Standard   Oct 2003    The TUNNEL Profile