Specifications   Search
CEE™ Common Event Expression: A Unified Event Language for Interoperability
CEE Website is in "Archive" status — read the announcement

About CEE



CEE Language

Current Release

Previous Releases

CEE Community

CEE Board

Discussion Archive

News & Events


Search the Site

About CEE




Additional Information

Terms of Use

CEE Documents — Archive

CEE Specifications | Contributed | General

CEE Specifications

CEE Overview Specification, Version 1.0-beta1

The CEE Overview provides a high-level overview of CEE along with details on the overall architecture and introduces each of the CEE components including the CEE Profile, CEE Log Syntax, and the CEE Log Transport. The CEE Overview is the first in a collection of documents and specifications, whose combination provides the necessary pieces to create the complete CEE event log standard.

CEE Profile Specification, Version 1.0-beta1

The CEE Profile allows for the improved interpretation and analysis of event data by allowing users to define how events are structured and what data they provide. The Profile consists of three components that provide a standardize field dictionary and base requirements for CEE-compatible events.

CEE Common Log Syntax (CLS) Specification, Version 1.0-beta1

The CLS Specification describes the requirements for encoding and decoding for a Common Event Expression (CEE) Event, and provides encoding declarations for XML and JSON event records.

CEE Common Log Transport (CLT) Specification, Version 1.0-beta1

The CLT Specification provides the technical support necessary for a secure and reliable log infrastructure. The CLT document defines a listing of requirements conformant log transports must meet. In addition, the CLT defines transport mappings, which define a standard methodology for transmitting encoded CEE Event Records over certain protocols.


Contributed by CEE Community Members

Common Event Expression (CEE): Overview (contributed)

This document was contributed by Eric Fitzgerald of Microsoft and contributed to by the members of the CEE Board. It provides a brief overview of CEE and the various event log and audit problems the standard is attempting to address.

PDF (606 KB)



CEE Introductory Brochure

A brief two-page introduction to the CEE initiative. February 2012.

PDF (368 KB)

CEE: Common Event Expression

This introductory briefing was presented at NIST’s 5th Annual IT Security Automation Conference and Expo on October 27, 2009.

PDF (911 KB)

Supplementing IT Event Standards for Mission Assurance White Paper and Briefing

This paper explains how by adopting and extending the Common Event Expression standard to support mission-relevant data, computer network defense (CND) systems can begin to monitor their mission environment and how once standardized mission event information becomes available, more adaptive CND capabilities can then be developed that are better suited to the various mission environments than what was previously available. This paper was written for, and presented as a briefing at, Military Communications Conference 2008 (MILCOM 2008). November 17-19, 2008.

PDF — white paper (203 KB)
PDF — briefing (457 KB)

Explaining CEE: The Need for Event Standards

This briefing explains the need for event standards and provides an overview of CEE. September 11, 2008.

PDF (835 KB)

Common Event Expression White Paper

Provides a detailed introduction to the Common Event Expression (CEE) initiative to create an open community-developed event interoperability standard for electronic systems. The paper describes the scope of the problem; explains how CEE’s Common Log Transport (CLT), Common Log Syntax (CLS), Common Event Expression Taxonomy (CEET), and Common Event Log Recommendations (CELR) will provide the framework for a community consensus in log transportation, log syntax, event representation, and event logging recommendations for various log sources and scenarios; examines the benefits and illustrates them in two use cases; reviews CEE in comparison to past efforts; and offers a roadmap to creating the CEE Language Specifications. December 2007.

PDF (341k)


Page Last Updated: May 15, 2013