From: DK <dk...@os...> - 2004-05-03 09:54:33
Hi,

first of all I want to say hello since this is the first time I post to the prelude-devel list. I'm CCing os-sim-devel too.

A couple of weeks ago we (at ossim.net) were approached by Gener R. Gomez and Krzysztof Zaraska regarding the benefits of a possible prelude/ossim integration. We've been quite busy in the last weeks but finally got some time and had a look into it.

My first impression is that, as Gene stated earlier, both projects could benefit from such an integration / collaboration. Prelude provides a strong sensor-manager architecture, much better collection mechanisms than ossim and a lot of interesting features that ossim lacks. Ossim's focus, on the other hand, is the integration of tools, their interoperability and the presentation layer that glues everything together and, of course, the correlation stuff we're heavily working on. I think prelude could benefit from them too.

I'm writing down all the pros and cons (and possible problems) of such an integration and will send it to this list as soon as possible. If this isn't the right place to discuss such matters, please tell me where / whom to write.

BTW, reading the list's archives I saw a mention of CALM. CALM, as used in ossim, has nothing to do with http://www.kung-foo.tv/calmapi.php. We didn't know of the existence of the calm correlation api (but it's an interesting read...). Ossim's CALM is a simple event accumulation algorithm that tries to come up with a realtime measurement of a host's/net's/global risk.

Greetings,
Dominique