From: Gene R G. <ge...@go...> - 2004-05-03 16:57:25
Hi Dominique,

I'm glad to see that you're evaluating the pros and cons of integration.
One thing that I wanted to mention before you get too heavy into it is
that my initial plan was to base any integration off of the 0-9 Prelude
branch (currently in the late stages of development), rather than 0-8.
Two reasons:

1. While Prelude has always been oriented towards IDMEF, 0-9 is fully
   IDMEF-compliant. IDMEF will become more and more important after its
   final version is ratified and made an official standard for IDS data
   exchange.

2. 0-9 implements libpreludedb, a database abstraction API that makes
   integration of other tools much easier. All we'd need to do is write
   up libpreludedb calls and then the API would take care of doing the
   necessary SQL manipulations so that you wouldn't have to worry about
   what backend was being used or how the schema was designed. In fact,
   I think it's likely that a libpreludedb plugin could be written for
   the current OSSIM database so that future data exchange would be
   easier (a series of SELECTs from one database and INSERTs to the
   other made via the API would be easy to pull off).

Anyway, let us know if you have any additional questions, or if there
is some way we can help with the development of your pro/con list.

Thanks!
Gene R Gomez

> -----Original Message-----
> From: pre...@pr...
> [mailto:pre...@pr...]On Behalf Of DK
> Sent: Monday, May 03, 2004 4:54 AM
> To: pre...@pr...
> Cc: os-...@li...
> Subject: [prelude-devel] prelude/ossim thoughts
>
>
> Hi,
>
> first of all I want to say hello since this is the first time I post to
> the prelude-devel list. I'm CCing os-sim-devel too.
>
> A couple of weeks ago we (at ossim.net) were approached by Gene R.
> Gomez and Krzysztof Zaraska regarding the benefits of a possible
> prelude/ossim integration. We've been quite busy in the last weeks but
> finally got some time and had a look into it.
>
> My first impression is that, as Gene stated earlier, both projects could
> benefit from such an integration / collaboration. Prelude
> provides a strong sensor-manager architecture, much better collection
> mechanisms than ossim and a lot of interesting features that ossim
> lacks. Ossim's focus on the other hand is the integration of tools,
> their interoperability and the presentation layer that glues everything
> together and, of course, the correlation stuff we're heavily working
> on. I think prelude could benefit from them too.
>
> I'm writing down all the pros and cons (and possible problems) of such
> an integration and will send it to this list as soon as possible. If
> this isn't the right place to discuss such matters please tell me where /
> whom to write.
>
> BTW, reading the list's archives I saw a mention of CALM. CALM, as used
> in ossim, has nothing to do with http://www.kung-foo.tv/calmapi.php. We
> didn't know of the existence of the calm correlation api (but it's an
> interesting read...). Ossim's CALM is a simple event accumulation
> algorithm that tries to come up with a realtime measurement of a
> host's/net's/global risk.
>
> Greetings,
>
> Dominique
>
> _______________________________________________
> Prelude-devel site list
> Pre...@pr...
> http://www.prelude-ids.org/mailman/listinfo/prelude-devel
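The "SELECTs from one database, INSERTs into the other via an abstraction API" exchange that Gene sketches above, written out as an added example that is not part of the thread and is not libpreludedb or OSSIM code. Both schemas, the Alert record that acts as the backend-neutral contract, the severity-to-risk mapping and the sample alerts are constructed for illustration; the two sqlite3 in-memory stores stand in for whatever backends the real projects use. Two things a practitioner would want such a bridge to get right are shown: every query is parameterised, so alert text containing SQL metacharacters is stored as data rather than executed, and the target side keys on the source alert ident with a UNIQUE constraint so that re-running the sync does not duplicate events.

```python
"""
Illustrative alert transfer between two differently-shaped alert databases.
Stand-in for the "SELECT from one database, INSERT into the other through an
abstraction layer" idea in the thread. Nothing here is libpreludedb or OSSIM
code; schemas, names and sample alerts are constructed for the example.
"""
import sqlite3
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Alert:
    """Backend-neutral alert record, loosely modelled on IDMEF alert fields."""
    ident: str           # unique alert identifier (IDMEF messageid-like)
    create_time: str     # ISO 8601 UTC timestamp, sortable as a string
    classification: str  # human-readable classification text
    source: str          # source address
    target: str          # target address
    severity: str        # info / low / medium / high


class SourceStore:
    """Hypothetical 'Prelude-like' source: one row per alert, keyed by ident."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE alert (ident TEXT PRIMARY KEY, create_time TEXT, "
            "classification TEXT, src TEXT, dst TEXT, severity TEXT)"
        )

    def put(self, a: Alert) -> None:
        # Parameterised: classification text is data, never part of the SQL.
        self.db.execute(
            "INSERT INTO alert VALUES (?, ?, ?, ?, ?, ?)",
            (a.ident, a.create_time, a.classification, a.source, a.target, a.severity),
        )
        self.db.commit()

    def select_alerts(self, since: str = "") -> List[Alert]:
        """Alerts created strictly after `since` (empty string = everything)."""
        rows = self.db.execute(
            "SELECT ident, create_time, classification, src, dst, severity "
            "FROM alert WHERE create_time > ? ORDER BY create_time",
            (since,),
        ).fetchall()
        return [Alert(*r) for r in rows]


# Constructed mapping from severity words to an integer risk column.
SEVERITY_TO_RISK = {"info": 1, "low": 3, "medium": 5, "high": 8}


class TargetStore:
    """Hypothetical 'OSSIM-like' target: events carry an integer risk and a
    UNIQUE external reference (the source ident) so re-imports are idempotent."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE event (id INTEGER PRIMARY KEY, timestamp TEXT, "
            "signature TEXT, src_ip TEXT, dst_ip TEXT, risk INTEGER, ext_ref TEXT UNIQUE)"
        )

    def insert_alerts(self, alerts: List[Alert]) -> int:
        """Insert alerts, silently skipping idents already imported.
        Returns the number of rows actually added."""
        before = self.count()
        rows = [(a.create_time, a.classification, a.source, a.target,
                 SEVERITY_TO_RISK.get(a.severity, 1), a.ident) for a in alerts]
        self.db.executemany(
            "INSERT OR IGNORE INTO event (timestamp, signature, src_ip, dst_ip, risk, ext_ref) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            rows,
        )
        self.db.commit()
        return self.count() - before

    def count(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM event").fetchone()[0]

    def signature_of(self, ident: str) -> str:
        row = self.db.execute("SELECT signature FROM event WHERE ext_ref = ?", (ident,)).fetchone()
        return row[0] if row else ""


def sync_alerts(src: SourceStore, dst: TargetStore, since: str = "") -> int:
    """The exchange itself: SELECT from one store, INSERT into the other.
    Neither side knows the other's schema; the Alert record is the contract."""
    return dst.insert_alerts(src.select_alerts(since))


# Constructed sample alerts; the second carries SQL metacharacters in its
# classification text to show the parameterised path keeps it as plain data.
SAMPLE_ALERTS = [
    Alert("a-0001", "2004-05-03T08:00:00Z", "Portscan", "10.0.0.5", "10.0.0.1", "low"),
    Alert("a-0002", "2004-05-03T08:05:00Z", "WEB-ATTACK '; DROP TABLE event; --",
          "10.0.0.7", "10.0.0.2", "high"),
    Alert("a-0003", "2004-05-03T08:10:00Z", "SSH brute force", "10.0.0.9", "10.0.0.3", "medium"),
]


def build_demo():
    """Populate a source store with the samples and return it with an empty target."""
    src = SourceStore()
    for a in SAMPLE_ALERTS:
        src.put(a)
    return src, TargetStore()


if __name__ == "__main__":
    src, dst = build_demo()
    print("first sync added", sync_alerts(src, dst))   # 3
    print("second sync added", sync_alerts(src, dst))  # 0, already imported
```

Running it twice shows the idempotence property: the first sync moves all three alerts, the second moves none because the UNIQUE ext_ref rejects the duplicates, and the hostile classification string lands in the signature column verbatim while the event table survives. A `since` watermark (the last create_time already imported) is what a periodic bridge would persist between runs instead of re-selecting everything.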