There is a lot of talk around interoperability standards lately.Following these discussions, it seems to me that people are intermixing a lot of different topics:
a) Log format (syntax)
b) Event transport
c) Event classification (also called taxonomy, categorization, grammar)
d) Logging recommendations (what events specific devices should report AND what fields they should contain as a minimum
I would really like to see future discussions broken up into these four groups!
[…] are companies/people not learning/listening? So, there is yet another “standard” for event interoperability being suggested by yet another vendor. While some vendors (for example the one I used to work for), […]
Pingback by Raffy’s Computer Security Blog » Open Log Format - What a Great Standard - Not — September 14, 2007 @ 4:01 pm