Open Standard for Security and Compliance Systems

23 Aug 11:59

ArcSight, Inc., a provider of Enterprise Security Management (ESM) software, has released the Common Event Format (CEF), an open log management standard that improves the interoperability of security-related information from different security and network devices and applications.

CEF is based on ArcSight's expertise from building more than 230 connectors across 30 different security and network technology categories and is the first log management standard developed and optimised to support such a broad range of device types. CEF enables technology companies and customers to use a common event log format so that data can be easily collected and aggregated for analysis by an enterprise security management system.

Existing standards, such as WELF and IDMEF, target a single component of the security infrastructure, are tied to a specific transport protocol or are designed specifically for applications and cannot support today's high-performance, real-time security requirements. In contrast, the CEF standard is an extensible, text-based, high-performance format designed to support any source of event logs needed to gain a comprehensive view of an organisation's security and compliance.

The Common Event Format is an open format that is now publicly available. To assist technology companies that want to adopt, test and certify their compatibility with the CEF standard, ArcSight has formed a Common Event Format certification program. ArcSight will provide documentation, access to a hosted ArcSight ESM solution for testing and Web support as part of the CEF certification process. AirTight Networks, CipherOptics, DeepNines, Intrusic, Reconnex, Vericept and Vontu are among ArcSight technology partners who are leveraging the CEF standard today and are going through the certification program. For more information on this program, please .

[This sounds like the best idea I've seen so far today - may it be widely adopted! --Ed].

Related links:
www.arcsight.com

Taken from Information Security Bulletin.