|
|||||
CEE Website is in "Archive" status — read the announcement | |||||
---|---|---|---|---|---|
News & Events |
---|
Additional Information |
CEE Briefing at IT Security Automation Conference 2011
CEE Technical Lead William Heinbockel presented a briefing about CEE entitled "Standardizing Event and Log Management with CEE and EMAP" at the U.S. National Institute of Standards and Technology’s (NIST) 7th Annual IT Security Automation Conference on October 31 - November 2, 2011 in Arlington, Virginia, USA. MITRE also hosted a CEE/Making Security Measurable booth at the event.
The main purpose of the conference is to discuss Security Content Automation Protocol (SCAP) and "strategies for implementing continuous monitoring, using security automation tools and technologies to ease the technical burdens of policy compliance, and innovated uses of automation across the enterprise in both government and industry applications". SCAP uses the CVE, CCE, CPE, OVAL, XCCDF, OCIL, CVSS, and CCSS community standards to enable "automated vulnerability management, measurement, and policy compliance evaluation."
Visit the CEE Calendar for information on this and other events.
CEE Log Transport Recommendations Specification and CEE Transport Syslog Mapping Specification Now Available
Version 0.6 of the community-developed Common Log Transport (CLT) Recommendations Specification and CEE Transport Syslog Mapping Specification documents are now available in the CEE Language section.
The CLT Recommendations Specification describes the mandatory and preferred capabilities for a log transport protocol that enables reliable and secure sharing of event records between parties in a universal, machine-readable manner. The CLT Syslog Mapping Specification details how to send CEE messages using the Syslog transport protocol.
We encourage community members to offer feedback on these documents on the CEE Email Discussion list. You may also contact us directly at cee@mitre.org.
CEE Briefing at IT Security Automation Conference 2011, October 31 - November 2
CEE Technical Lead William Heinbockel will present a briefing about CEE entitled "Standardizing Event and Log Management with CEE and EMAP" at the U.S. National Institute of Standards and Technology’s (NIST) 7th Annual IT Security Automation Conference on October 31 - November 2, 2011 in Arlington, Virginia, USA. MITRE will also host a CEE/Making Security Measurable booth at the event.
The main purpose of the conference is to discuss Security Content Automation Protocol (SCAP) and "strategies for implementing continuous monitoring, using security automation tools and technologies to ease the technical burdens of policy compliance, and innovated uses of automation across the enterprise in both government and industry applications". SCAP uses the CVE, CCE, CPE, OVAL, XCCDF, OCIL, and CVSS community standards to enable "automated vulnerability management, measurement, and policy compliance evaluation."
Visit the CEE Calendar for information on this and other events.
CEE Briefing at EMAP Developer Workshop
CEE Technical Lead William Heinbockel presented a briefing about CEE at the U.S. National Institute of Standards and Technology’s (NIST) Event Management Automation Protocol (EMAP) Developer Workshop on August 29-30, 2011 in Gaithersburg, Maryland, USA.
Visit the CEE Calendar for information on this and other events.
Updated CEE Architecture Specification Now Available
Version 0.6 of the Common Event Expression (CEE™) Architecture Specification, which defines the structure and components that comprise the community-developed CEE event log standard, is now available on the Documents page of the CEE Web site. This document provides a high-level overview of CEE along with details on the overall architecture and introduces each of the CEE components including the data dictionary, event taxonomies, syntax encodings, and profiles.
We encourage community members to offer feedback on this document on the CEE Email Discussion list. You may also contact us directly at cee@mitre.org.
CEE Profiles Specification Now Available
Version 0.6 of the CEE Profiles Specification document is now available in the CEE Language section. This community-developed specification combines two important components of the CEE Architecture, the CEE Dictionary and Event Taxonomy (CDET) and the CEE Event Log Recommendations (CELR), into the single, machine-interpretable specification document.
"CEE Profiles" are how the community identifies the event data, event type tags, and event fields to record in logs for common log events; the event details that should be logged when a device completes a function or activity; and the specific events and fields that are produced by a particular product. All currently available community-developed CEE Profiles — which are written in Extensible Markup Language (XML) and are machine-readable — are free to download and use from the CEE Repository.
We encourage community members to offer feedback on this document on the CEE Email Discussion list. You may also contact us directly at cee@mitre.org.
Three CEE Syntax Specifications Now Available
Version 0.6 of the community-developed Common Log Syntax (CLS) Specification, CLS Encoding: JSON Specification, and CLS Encoding: XML Specification documents are now available in the CEE Language section.
The CLS Specification describes the abstract format for CEE Event Records, which is designed for maximum interoperability with existing event and interchange standards, and provides CLS Encodings that enable compatibility with other encoding standards. Each CLS Encoding defines a mapping from the CLS abstracted format to an encoding syntax, such as XML or JSON. The CLS Encoding: JSON Specification defines a CEE CLS encoding that is compatible with the RFC4627 JavaScript Object Notation (JSON) format, specifying how to encode a CEE event record using JSON as well as how to extract the CEE event record data from a JSON encoded event record. And finally, the CLS Encoding: XML Specification defines a CEE CLS encoding that is compatible with the W3C Extensible Markup Language (XML) 1.0 format, specifying how to encode a CEE event record using XML as well as how to extract the CEE event record data from an XML encoded event record.
We encourage community members to offer feedback on these documents on the CEE Email Discussion list. You may also contact us directly at cee@mitre.org.
CEE Repository Section Added to CEE Web Site
A CEE Repository section that gathers all community-developed CEE Profiles, CEE Specifications, CEE Schemas, and related documents in XML format into a single location has been added to the CEE Web site. The main purpose of the CEE Repository is to serve as the central meeting place for the CEE Community to discuss, analyze, store, and disseminate CEE content.
Comments or questions about the repository are welcome on the CEE Discussion List or directly to cee@mitre.org.
CEE Language Section Updated
The CEE Language section of the CEE Web site has been updated with new information and downloads based upon the recently released Version 0.6 specifications. A new main page for the section provides an overview of the language, links to the new "CEE Architecture" and "CEE Profiles" specifications, and links to the four main components of the language, the CEE Dictionary and Event Taxonomy (CDET), CEE Event Log Recommendations (CELR), CEE Log Syntax (CLS), and CEE Log Transport (CLT). Each of these four pages includes an overview of their component along with links to their related specifications.
CEE Mentioned in Article on Dark Reading
CEE was mentioned briefly in a May 7, 2011 article entitled "Can Companies Share Security Data? New Report Says Yes: Emerging standards, industry initiatives could enable enterprises to collaborate on security" on Dark Reading.
CEE is mentioned as "Obstacle #1: Lack of Event System Interoperability," in which the author states: "One of the major difficulties in processing event information from multiple systems is the lack of an accepted standard for events. Operating systems, intrusion detection systems, firewalls, virus detection software, and all manner of applications emit events using different syntaxes, semantics, transports, and purposes. Log entries for similar events do not have the same structure, nor do they contain the same information. This makes it difficult to recognize similar events from different types of systems … There are numerous efforts to standardize event reporting, including MITRE’s Common Event Expression (CEE) project and ArcSight’s Common Event Format (CEF) initiative."
CEE Briefing at EMAP Developer Workshop, August 29-30
CEE Technical Lead William Heinbockel will present a briefing about CEE at the U.S. National Institute of Standards and Technology’s (NIST) Event Management Automation Protocol (EMAP) Developer Workshop on August 29-30, 2011 in Gaithersburg, Maryland, USA.
Visit the CEE Calendar for information on this and other events.
CEE/Making Security Measurable Booth at Black Hat Briefings 2011
MITRE hosted a CEE/Making Security Measurable booth at Black Hat Briefings 2011 on August 3-4, 2011 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Attendees learned how the CEE, CVE, CCE, CPE, CWE, CAPEC, MAEC, OVAL, etc., information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Visit the CEE Calendar for information on this and other events.
New CEE Board Member
Kent Landfield of McAfee, Inc. has joined the CEE Board.
New CEE Board Member
Paul Cichonski of National Institute of Standards and Technology (NIST) has joined the CEE Board.
Briefing Slides from Security Automation Developer Days 2011 Now Available
21 briefing presentations from the sessions at the Security Automation Developer Days 2011 conference on June 14-17, 2011 at MITRE in Bedford, Massachusetts, USA are now available for download on the Events & Participation page on the Making Security Measurable Web site.
Agenda Now Available for MITRE’s Security Automation Developer Days 2011 on June 14-17
The agenda for MITRE’s free Security Automation Developer Days 2011 conference scheduled for June 14-17, 2011 at MITRE in Bedford, Massachusetts, USA is now available at https://register.mitre.org/devdays/agenda.pdf.
For registration, lodging, and other conference details please visit the conference registration page.
MITRE to Host Security Automation Developer Days 2011 on June 14-17
MITRE Corporation will host the third Security Automation Developer Days conference on June 14-17, 2011, at MITRE in Bedford, Massachusetts, USA. This four-day conference is technical in nature and will focus on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP).
The purpose of the event is for the community to discuss SCAP — and those existing standards upon which it is based including Open Vulnerability and Assessment Language (OVAL®), Common Configuration Enumeration (CCE™), Common Platform Enumeration (CPE™), Extensible Configuration Checklist Description Format (XCCDF), etc. — in technical detail and to derive solutions that benefit all concerned parties. All current and emerging SCAP standards are addressed at this workshop. MITRE first hosted Developer Days in 2005 and has been running them annually ever since. The model for these technical exchanges has since been adopted as the format used by the Security Automation community.
An agenda will be available soon. For registration, lodging, and other conference details, please visit: https://register.mitre.org/devdays/.
MITRE Hosts CEE/Making Security Measurable Booth at InfoSec World 2011
MITRE hosted a CEE/Making Security Measurable booth at InfoSec World Conference & Expo 2011 at Disney’s Contemporary Resort in Orlando, Florida, USA, on April 19-21, 2011. Attendees learned how the CVE, CCE, CPE, CAPEC, CWE, CEE, OVAL, MAEC, etc. information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Visit the CEE Calendar for information on this and other events.
MITRE to Host CEE/Making Security Measurable Booth at InfoSec World 2011, April 19-21
MITRE will host a CEE/Making Security Measurable booth at InfoSec World Conference & Expo 2011 at Disney’s Contemporary Resort in Orlando, Florida, USA, on April 19-21, 2011. Members of the CEE Team will be in attendance. Please stop by Booth 307 and say hello!
Visit the CEE Calendar for information on this and other events.
MITRE Hosts OVAL/Making Security Measurable Booth at 2011 Information Assurance Symposium
MITRE hosted a CEE/Making Security Measurable booth at the 2011 Information Assurance Symposium in Nashville, Tennessee, USA, on March 8-10, 2011. The symposium is designed to bring together industry, government, and military information assurance (IA) professionals with the latest available IA products and solutions.
Visit the CEE Calendar for information on this and other events.
MITRE Hosts CEE/Making Security Measurable Booth at RSA 2011
MITRE hosted a CEE/Making Security Measurable booth at RSA 2011 at the Moscone Center in San Francisco, California, USA, on February 14-18, 2011. Attendees learned how the CVE, CCE, CPE, CAPEC, CWE, CEE, OVAL, MAEC, etc. information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Visit the CEE Calendar for information on this and other events.
MITRE to Host CEE/Making Security Measurable Booth at RSA 2011, February 14-18
MITRE will host a CEE/Making Security Measurable booth at RSA 2011 at the Moscone Center in San Francisco, California, USA, on February 14-18, 2011. Members of the CEE Team will be in attendance. Please stop by Booth 2617 and say hello!
Visit the CEE Calendar for information on this and other events.
CEE/Making Security Measurable Booth at Black Hat DC 2011
MITRE hosted a CEE/Making Security Measurable booth at Black Hat DC 2011 on January 18-19, 2011 in Arlington, Virginia, USA. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Visit the CEE Calendar for information on this and other events.
Join the CEE Discussion List
Active participation is an important part of CEE. Members of the information security community are invited to participate in the CEE effort by joining our lightly moderated CEE Email Discussion List. Sign-up now or view the most recent topics under discussion in the Discussion Archives.
MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2011
MITRE has announced its initial Making Security Measurable calendar of events for 2011. Details regarding MITRE’s scheduled participation at these events are noted on the CEE Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.
Other events may be added throughout the year. Visit the CEE Calendar for information or contact cee@mitre.org to have MITRE present a briefing or participate in a panel discussion about CEE, CVE, CCE, CPE, CAPEC, CWE, MAEC, OVAL, Software Assurance, and/or Making Security Measurable at your event.
CEE/Making Security Measurable Briefing at ITU-T Security Workshop
CEE Team Member and CWE/CAPEC Program Manager Robert A. Martin presented a briefing about CEE/Making Security Measurable entitled "Vendor Neutral Security Measurement & Management with Standards" at ITU-T security workshop "Addressing Security Challenges on a Global Scale" on December 6-7, 2010 in Geneva, Switzerland.
Visit the CEE Calendar for information on this and other events.
CEE/Making Security Measurable Briefing at Rethinking Cyber Security: A Systems-Based Approach Conference
CEE Team Member and CWE Program Manager Robert A. Martin presented a briefing about CEE/Making Security Measurable and the Common Weakness Enumeration (CWE) at Rethinking Cyber Security: A Systems-Based Approach Conference on November 16-17, 2010 in Charlottesville, Virginia, USA.
Visit the CEE Calendar for information on this and other events.
Page Last Updated: November 15, 2011