Before CEE, log reporting was platform specific, making it difficult, if not impossible, to correlate similar events across systems. CEE, which was spearheaded by MITRE in 2007 through an industry working group, is a common taxonomy, syntax and language for reporting log events. MITRE is an organization that works with the U.S. government on technology issues, including IT security.
The benefits of consistent event and log reporting are enormous. It defines an event unambiguously according to an agreed upon standard, no matter the platform where it occurred, and tightens compliance by providing a standard definition for events for auditors and regulators. It can also cut costs of log management by reducing redundancy in logging from multiple systems.
The status of CEE is that MITRE has an active working group with a mailing list for those interested in participating. For more information about the working group, including how to subscribe to the mailing list, check the MITRE website.
Another good guide on security log management is Special Publication 800-92 from the National Institute of Standards and Technology (NIST).
Dig Deeper on IT security audits and audit frameworks
Related Q&A from Joel Dubin
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.