Before CEE, log reporting was platform specific, making it difficult, if not impossible, to correlate similar events...
across systems. CEE, which was spearheaded by MITRE in 2007 through an industry working group, is a common taxonomy, syntax and language for reporting log events. MITRE is an organization that works with the U.S. government on technology issues, including IT security.
The benefits of consistent event and log reporting are enormous. It defines an event unambiguously according to an agreed upon standard, no matter the platform where it occurred, and tightens compliance by providing a standard definition for events for auditors and regulators. It can also cut costs of log management by reducing redundancy in logging from multiple systems.
The status of CEE is that MITRE has an active working group with a mailing list for those interested in participating. For more information about the working group, including how to subscribe to the mailing list, check the MITRE website.
Another good guide on security log management is Special Publication 800-92 from the National Institute of Standards and Technology (NIST).
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.