PRELUDE OSS : Prelude collects, archives, normalizes, sorts, aggregates, correlates and reports all security-related events, independently of the product brand or license that produced them. Prelude OSS uses the IDMEF format. It is a good tool for getting familiar with the IDMEF format, as all attribute values are visible from the graphical user interface.
Samhain : The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and detection of hidden processes. Samhain can send IDMEF output to Prelude IDS : http://www.la-samhna.de/samhain/manual/preludedetails.html
Sagan : Sagan is an open source (GNU/GPLv2) high-performance, real-time log analysis and correlation engine that runs under *nix operating systems (Linux/FreeBSD/OpenBSD/etc.). Sagan can send IDMEF output to Prelude IDS.
Snort : Snort is a free network intrusion detection system (NIDS) released under the GNU GPL. Snort is IDMEF-compatible via Barnyard2.
Barnyard2 : Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
Orchids : OrchIDS is a new-generation intrusion detection system (IDS) based on real-time event correlation.
SDEE : Security Device Event Exchange (Cisco)
The Security Device Event Exchange (SDEE) is a specification for the message formats and the messaging protocol used to communicate the events generated by security devices. Cisco Intrusion Detection Event Exchange (CIDEE) specifies the extensions to the Security Device Event Exchange (SDEE) that are utilized by Cisco’s network-based intrusion prevention systems.
CEE : Common Event Expression (Mitre)
CEE™ is the Common Event Expression initiative, developed by a community of vendors, researchers and end users and coordinated by MITRE. The primary goal of the effort is to standardize the representation and exchange of logs from electronic systems. Note : Due to changing priorities, the U.S. Government organization that sponsored MITRE's work on CEE has decided to stop funding development of CEE in order to focus on other priorities.
CEF : Common Event Format (ArcSight) : CEF (Common Event Format) is a format proposed by ArcSight to promote interoperability between various event- or log-generating devices (security and non-security devices alike).