Common Event Expression: CEE 2007-2008 News (Archive)

MITRE hosted a Making Security Measurable table booth at the U.S. National Institute of Standards and Technology’s (NIST) Security Automation Conference & Workshop 2008 on September 23-25, 2008 in Gaithersburg, Maryland, USA. Booth visitors learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CEE Calendar for information on this and other events.

September 18, 2008

CEE Establishes Working Group for Use Cases

CEE has established a CEE Working Group to document and prioritize use cases for CEE. When decisions must be made for any standard, we must rely on the feedback from the supporting community and the motivating use cases. For CEE, we have a healthy and continuously expanding community, but need to begin deciding which use cases CEE will and will not support.

OBJECTIVES

The expected outcome from this Working Group is a prioritized listing of detailed use cases divided into three categories:

1. Use Cases CEE must support

2. Use Cases CEE may support

3. Use Cases CEE will not support

The use cases should at least cover the ways in which logs are currently used (security audits, SIM correlation, compliance mandates), but may provide some insight into potential future uses.

ORGANIZATION AND PROCESS

Working Groups are created to investigate and draft one or more documents on a certain topic. While MITRE will provide a mailing list for each discussion group to use, it is up to the groups to determine how best to operate.

Each Working Group is responsible for choosing a Lead. The Lead will be responsible for keeping the Working Group on task and reporting its status to the CEE Editorial Board at least on a quarterly basis.

Once the Working Group has created a stable document, a draft version will be made available for public comment. During this period everybody is welcome to review the draft and submit comments to the Working Group. The Working Group will review all comments, make any necessary revisions, and post the updated draft for another round of public comment. At least two (2) drafts must be posted for public review before the document can be submitted to the CEE Editorial Board. It is ultimately up to the CEE Editorial Board to decide when a draft document has reached a point of community consensus, at which point the document will be considered to be a final version.

Once a final document has been produced, any updates must be approved by the CEE Editorial Board. In a case where major changes need to be made, the Working Group will be reestablished to recommend the necessary updates.

HOW TO PARTICIPATE

If you are interested in becoming a part of this Working Group, please subscribe to the Use Case Working Group email list. All use case and Working Group-related discussions will be held on this mailing list to minimize the traffic volumes on the other mailing lists.

To subscribe, open a new email message and copy the following text to the BODY of the message "SUBSCRIBE CEE-WORKING GROUP-USECASE-List", then send the message to: listserv@lists.mitre.org.

NOTE: The CEE Team will be moderating the registration requests to this list and will only approve subscriptions for those email addresses previously subscribed to the CEE Community Discussion or CEE Announce mailing lists.

September 4, 2008

CEE Holds Community Teleconference on August 29

The CEE Team held a teleconference meeting of the CEE Community on August 29, 2008. Discussion topics included a report on recent CEE meetings and activities, a working group charter, and preliminary roadmaps. Meeting minutes will be posted in the Discussion Archives once they are available.

CEE Working Group Meeting Minutes Now Available

Meeting minutes from the CEE Working Group face-to-face meeting held on August 8, 2008 in Las Vegas, Nevada, USA have been posted in the Discussion Archives.

August 14, 2008

CEE Working Group Holds Meeting

The CEE Working Group held a face-to-face meeting on August 8, 2008 at the Riviera Hotel & Casino, Las Vegas, Nevada, USA with several members of the CEE community attending. Meeting minutes will be posted in the Discussion Archives once they are available.

As a reminder, a CEE Community Teleconference Meeting is currently scheduled for August 29, 2008. Visit the CEE Calendar page and/or read the July 24th article below for additional information.

CEE Participates in "Making Security Measurable" Booth at Black Hat Briefings 2008

CEE participated in a Making Security Measurable booth at Black Hat Briefings 2008 on August 6-7, 2008 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Booth visitors learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

See the CEE Calendar for information on this and other events.

July 24, 2008

Burton Group, Open Group, and Novell Join CEE Effort

Burton Group, Open Group, and Novell have joined the CEE effort to create a single, unified, and industry-adopted log standard. The three organizations joined CEE after a very productive meeting at the "Common Events Standards Special Interest Group (SIG)" at the Burton Group Catalyst Conference North America 2008 in June.

The CEE Team especially recognizes the work done by Novell and Open Group in the creation of the XDAS draft specification for distributed audit services. The XDAS specification, which is free to download on the Open Group Web site, "defines a set of generic events of relevance at a global distributed system level, and a common portable audit record format to facilitate the merging and analysis of audit information from multiple components at the distributed system level. Four groups of APIs are provided to accomplish this."

The experience and knowledge of these three organizations, in both the logging and standardization space, strongly complements that of MITRE and other members of the CEE community.

CEE Working Group Meeting Scheduled for August 8

A face-to-face CEE Working Group meeting is currently scheduled for Friday, August 8, 2008 at the Riviera Hotel & Casino, Las Vegas, Nevada, USA. Numerous members of the CEE community will already be present at this location for Black Hat Briefings 2008 and DefCon 16. Interested attendees should convene at 12 p.m. outside the DefCon registration area at the Riviera Hotel & Casino. For those who would like to attend, but cannot be at the Riviera by noon, please contact us at cee@mitre.org.

CEE Community Teleconference Scheduled for August 29

A CEE Community Teleconference Meeting is currently scheduled for August 29, 2008 from 12 p.m. to 2 p.m., EST. The meeting is open to anyone interested in CEE. The agenda will include a report on recent CEE meetings and activities, including those at the Burton Group CES SIG and at Black Hat Briefings 2008. We would also like to come to agreement on a roadmap and prioritization for creating log specifications and documents.

Phone numbers: 866-648-7367 (North America callers only); 1-703-983-6338 or 781-271-6338 (International)
Meeting ID: 2331

For additional information please contact us at cee@mitre.org.

July 10, 2008

CEE Scheduled to Participate in "Making Security Measurable" Booth at Black Hat Briefings 2008 on August 6-7

CEE is scheduled to participate in a Making Security Measurable booth at Black Hat Briefings 2008 on August 6-7, 2008 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA.

Visit us at Booth A and learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CEE Calendar for information on this and other events.

June 26, 2008

CEE Presents Briefing at Burton Group Catalyst Conference North America 2008 on June 24

CEE Team Members William J. Heinbockel (MITRE) and Anton Chuvakin (LogLogic) presented briefings about CEE and the government interest thereof to the "Common Events Standards Special Interest Group (SIG)" at the Burton Group Catalyst Conference North America 2008 on June 24, 2008 at the Best Manchester Grand Hyatt in San Diego, California, USA.

Visit the CEE Calendar for information on this and other events.

MITRE Hosts "Making Security Measurable" Booth at 2008 Cyberspace Symposium on June 16-19

MITRE hosted a Making Security Measurable booth at the 2008 Cyberspace Symposium on June 16-19, 2008 at the Best Westin Royal Plaza Hotel and Trade Center in Marlborough, Massachusetts, USA.

Visit the CEE Calendar for information on this and other events.

June 12, 2008

CEE Scheduled to Present Briefing at Burton Group Catalyst Conference North America 2008 on June 24

CEE Technical Lead William J. Heinbockel is scheduled to present a briefing about CEE to the "Common Events Standards Special Interest Group (SIG)" at the Burton Group Catalyst Conference North America 2008 on June 24, 2008 at the Best Manchester Grand Hyatt in San Diego, California, USA.

Visit the CEE Calendar for information on this and other events.

MITRE Scheduled to Host "Making Security Measurable" Booth at 2008 Cyberspace Symposium on June 16-19

MITRE is scheduled to host a Making Security Measurable booth at the 2008 Cyberspace Symposium on June 16-19, 2008 at the Best Westin Royal Plaza Hotel and Trade Center in Marlborough, Massachusetts, USA.

Visit the CEE Calendar for information on this and other events.

MITRE Presents "Making Security Measurable" Briefing at 4th Annual GFIRST Conference on June 2-4

CWE Program Manager Robert A. Martin presented a briefing about Making Security Measurable at the 4th Annual GFIRST Conference on June 2-4, 2008 at the Caribe Royale Hotel in Orlando, Florida, USA.

Visit the CEE Calendar for information on this and other events. Contact cee@mitre.org to have CCE present a briefing or participate in a panel discussion about CCE, CVE, CPE, CWE, CAPEC, CEE, CRF, OVAL, and/or Making Security Measurable at your event.

MITRE Presents "Making Security Measurable" Briefing and Conducts a Half-Day Tutorial at AusCERT 2008 on May 18-23

CWE Program Manager Robert A. Martin and CWE Technical Lead Steven M. Christey presented a briefing about Making Security Measurable and conducted a half-day Making Security Measurable tutorial at AusCERT 2008 on May 18-23, 2008 at the Crowne Plaza Royal Pines Resort in Gold Coast, Australia.

Visit the CEE Calendar for information on this and other events.

MITRE Presents "Making Security Measurable" Briefing at 2008 IEEE Conference on the Technologies for Homeland Security on May 12-13

CWE Program Manager Robert A. Martin presented a briefing about Making Security Measurable to the 2008 IEEE Conference on Technologies for Homeland Security on May 12-13, 2008 at the Westin Hotel in Waltham, Massachusetts, USA.

Visit the CEE Calendar for information on this and other events.

May 14, 2008

MITRE Hosts "Making Security Measurable" Booth at RSA 2008, April 7-11

MITRE hosted a Making Security Measurable exhibitor booth at RSA 2008 on April 7-11, 2008 at the Moscone Center in San Francisco, California, USA.

The conference exposed the CEE, CVE, CCE, CPE, CWE, CAPEC, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry. Visit the CEE Calendar for information on this and other events.

April 4, 2008

MITRE to Host "Making Security Measurable" Booth at RSA 2008, April 7-11

MITRE is scheduled to host a Making Security Measurable exhibitor booth at RSA 2008 on April 7-11, 2008 at the Moscone Center in San Francisco, California, USA.

The conference will expose the CEE, CVE, CCE, CME, CPE, CWE, CAPEC, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry. Visit the CEE Calendar for information on this and other events.

MITRE Presents "Making Security Measurable" Briefing at SEPG North America 2008 on March 18

MITRE Principal Engineer Robert A. Martin presented a Making Security Measurable briefing entitled "Architecting Security for Enterprise Process Improvement" at SEPG North America 2008 on March 1, 2008 at the Tampa Convention Center in Tampa, Florida, USA.

March 19, 2008

Common Event Expression (CEE) Introductory White Paper Now Available

The Common Event Expression (CEE) White Paper has been posted on the Documents page in the About section of the CEE Web site. The paper provides a detailed introduction to the CEE initiative including describing the scope of the problem CEE address; explaining how CEE’s Common Log Transport (CLT), Common Log Syntax (CLS), Common Event Expression Taxonomy (CEET), and Common Event Log Recommendations (CELR) will provide the framework for a community consensus in log transportation, log syntax, event representation, and event logging recommendations for various log sources and scenarios; examining the benefits CEE and illustrating them in two use cases; reviewing CEE in comparison to past efforts; and offering a roadmap to creating the CEE Language Specifications.

CEE Briefing Presented at InfoSec World Log Management Summit on March 13

Anton Chuvakin, Chief Logging Evangelist at LogLogic, Inc. presented a briefing about CCE entitled "Emerging Log Standards" at Infosec World Log Management Summit on March 13, 2008 at the Rosen Shingle Creek Resort in Orlando, Florida, USA.

Visit the CEE Calendar for information on this and other events.

MITRE Hosts "Making Security Measurable" Booth at InfoSec World 2008, March 10-11

MITRE hosted a Making Security Measurable exhibitor booth at InfoSec World Conference & Expo 2008 on March 10-11, 2008 at the Rosen Shingle Creek Resort in Orlando, Florida, USA.

The conference exposed the CEE, CVE, CCE, CME, CPE, CWE, CAPEC, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry. Visit the CEE Calendar for information on this and other events.

February 1, 2008

MITRE Hosts "Making Security Measurable" Booth at 2008 Information Assurance Workshop, January 28 - February 1

MITRE hosted a Making Security Measurable exhibitor booth at the 2008 Information Assurance Workshop on January 28 - February 1, 2008 at the Philadelphia Marriott Downtown in Philadelphia, Pennsylvania, USA. The conference exposed the CEE, CVE, CCE, CME, CPE, CWE, CAPEC, CRF, OVAL, and Making Security Measurable efforts to information security professionals from government and industry.

Visit the CEE Calendar for information on this and other events.

December 7, 2007

Common Event Expression (CEE) Launches New Web Site

This new Common Event Expression (CEE) Web site includes a CEE Language section with information to assist the community in developing the CEE Event Taxonomy, CEE Log Syntax Specification, CEE Log Transport Specification, and CEE Log Recommendations documents; an About section describing the overall CEE effort in more detail; News and Calendar pages; and a Community section with a CEE Working Group page, and a CEE Discussion List sign-up page.

July 31, 2007

CEE Included in Booth at Black Hat Briefings 2007, August 1-2

MITRE hosted a Making Security Measurable exhibitor booth that included information about CEE at Black Hat Briefings 2007 on August 1-2, 2007 at Caesars Palace in Las Vegas, Nevada, USA. The conference exposed MITRE’s CCE, CVE, CCE, CME, CPE, CWE, OVAL, and Making Security Measurable efforts to a diverse audience of information security-focused attendees from around the world.

Visit the CEE Calendar page for information on upcoming events.

CEE Included in Briefing at 19th Annual System and Software Technology Conference on June 20

CEE was included as a topic in a briefing entitled "Creating a Secure Architecture as a Basis for Compliance" by MITRE Principal Engineer Robert A. Martin at the 19th Annual System and Software Technology Conference on June 20, 2007 at the Tampa Convention Center in Tampa, Florida, USA. The briefing exposed MITRE’s CEE, CVE, CCE, CME, CPE, CWE, OVAL, and Making Security Measurable efforts to a diverse audience of information security professionals from industry and the U.S. government and military.

Visit the CEE Calendar page for information on upcoming events.

Page Last Updated: April 27, 2010