1. Introduction
This document defines requirements for the Intrusion Detection Message Exchange Format (IDMEF) [5], a product of the Intrusion Detection Exchange Format Working Group (IDWG). IDMEF was planned to be a standard format that automated Intrusion Detection Systems (IDSs) [4] could use for reporting what they have deemed to be suspicious or of interest. This document also specifies requirements for a communication protocol for carrying IDMEF messages. As chartered, IDWG has the responsibility to first evaluate existing communication protocols before choosing to specify a new one. Thus the requirements in this document can be used to evaluate existing communication protocols. If IDWG determines that a new communication protocol is necessary, the requirements in this document can be used to evaluate proposed solutions.
1.1. Conventions Used in This Document
This is not an IETF standards-track document [2], and thus the key words MUST, MUST NOT, SHOULD, and MAY are NOT as in BCP 14, RFC 2119 [1], but rather:

   o  MUST: This word, or the terms REQUIRED or SHALL, means that the described behavior or characteristic is an absolute requirement for a proposed IDWG specification.

   o  MUST NOT: This phrase, or the phrase SHALL NOT, means that the described behavior or characteristic is an absolute prohibition of a proposed IDWG specification.

   o  SHOULD: This word, or the adjective RECOMMENDED, means that there may exist valid reasons in particular circumstances for a proposed IDWG specification to ignore described behavior or characteristics.

   o  MAY: This word, or the adjective OPTIONAL, means that the described behavior or characteristic is truly optional for a proposed IDWG specification. One proposed specification may choose to include the described behavior or characteristic, whereas another proposed specification may omit the same behavior or characteristic.
