A Proposed Translation Data Model for Flow Format Interoperability
September 2005 • White Paper
Brian Trammell
In this paper, Brian Trammell presents a proposed solution to the problem of mutual unintelligibility of raw flow and intermediate analysis data.
Abstract
A significant technical barrier to the growth of the security-oriented network flow data analysis community is the mutual unintelligibility of raw flow and intermediate analysis data used by the proliferation of flow data analysis tools. As a solution to this problem, this paper presents a common event data model and a translator built around it to adapt each tool's native format to this common model.