Reporting standard for SIM needs to be adopted

You’ve got anywhere from six to 60 security applications and tools in your data center, and most of them work pretty well. There’s just one problem: None of them speak the same language.

ArcSight today attacked that problem by proposing a new log management standard, the Common Event Format, that could enable security devices and applications to present and exchange event data in a common way. The net result: Security managers might soon be able to analyze security incidents from a single screen, without plowing through event logs and data on a dozen different apps or appliances.

Amen, brother. SIMs were supposed to fix so many problems by pulling logs together and alerting on them. But so many devices that spit out syslog messages use different formats, and then the SIM vendor has a choice: either partner with every security vendor out there, or partner with a few but accept syslog and make you create your own alerts. Something needs to happen, and badly. This is one of the reasons security management outsourcing is becoming so popular.

Vet