Software Engineering Institute

A significant technical barrier to the growth of the security-oriented network flow data analysis community is the mutual unintelligibility of raw flow and intermediate analysis data used by the proliferation of flow data analysis tools. As a solution to this problem, this paper presents a common event data model and a translator built around it to adapt each tool's native format to this common model.