CEE Announce Newsletter (22 May 2007)

CEE-Announce Newsletter
Volume 1
22 May 2007


====================================================The Goals of CEE
====================================================
With the Common Event Expression (CEE) standard, it is
MITRE's goal to guide a community-led effort in the
development of common log event format. From discussions
we have already had with many of you, it is evident that
many are faced with the same problems surrounding
the management, correlation, forensics, and other log-
related issues, including regulatory compliance demands.

The CEE mission is to be a vendor-neutral standard. As such,
we highly encourage everyone's participation -- this is
your chance to improve the event log space.


** NOTE: We are still in the process of setting up a CEE
website. An e-mail will be sent to this list when the site
goes live.


====================================================Working Group Details
====================================================
We believe that the primary problem surrounding the
current log formats is that they were written for human
interpretation. Logs are heterogeneous and all too often
are stating the same information in different ways. We
are placing more dependence on log messages and are
forced to rely on various appliances to deal with the
massive quantities. What we need is a log standard that
compliments how logs are currently being used.

As a starting point, MITRE has identified a few areas
where we believe standardization is necessary -- the
language (taxonomy), event details, and log exchange
format (transport). Another important issue that should
be addressed as a follow-on is logging recommendations.
Are there certain events a device (e.g., firewall, OS,
router) is expected to log? Are there details that should
accompany certain events?

The CEE Working Group will consist of all interested
parties and will be the forum used to discuss and solicit
feedback on the progress of CEE. Most correspondence will
occur via e-mail through the various mailing lists.
Meetings will held when necessary via MITRE-sponsored
teleconferences or during major conferences.

Once CEE has gained some maturity, we expect to create
an editorial board consisting of select members to provide
guidance and vote on unresolved issues.


====================================================CEE Mailing Lists Created
====================================================
For all of those that have expressed interested in
MITRE's Common Event Expression (CEE) standardization
effort, we have set up a low-volume mailing list
([hidden email]) for the submission of
CEE-related news.

Akin to the CVE, OVAL, and other announce lists, this
list will only be used by MITRE to provide news and
CEE-related updates.

Additionally, a discussion mailing list has been created
for interested persons to provide input on CEE-related
topics. All interested parties have been already added to
both (cee-announce-list and cee-discussion-list) lists.


-------------------------------------------------------
Privacy Policy

Mailing List Subscription Information

MITRE performs due diligence to ensure that subscription
information is kept confidential. In addition, all CEE-
related mailing lists that are sponsored by MITRE are
configured to prevent attackers from identifying the
subscribers to such mailing lists.

Optional information that subscribers may provide, such as
company name, location, or job function, is used to
determine broad demographic information regarding the
types of users of these mailing lists. Subscribers are not
required to provide this information.

Provision of Information to Third Parties

MITRE will not provide any information that identifies
specific individuals, e.g., email addresses or IP addresses,
to any other organization, except where required by law.
MITRE may provide broad demographic information to other
organizations.


=====================================================COMMENTS AND UNSUBSCRIBING
=====================================================
To unsubscribe from the CEE-Announce e-newsletter, open a new
email message and copy the following text to the BODY of the
message "SIGNOFF CEE-Announce-list", then send the message to:
[hidden email].

All questions and subscription requests should be sent to
[hidden email]

Copyright 2007, The MITRE Corporation. CEE and the CEE logo are
trademarks of The MITRE Corporation.