doplneni drobnosti; uprava formatovani; oprava kreklepu

1d897ff5 · Tomáš Plesník · 20691b9c · 1d897ff5
Commit 1d897ff5 authored 13 years ago by Tomáš Plesník
--- a/src/warden-client/doc/README.cesnet
+++ b/src/warden-client/doc/README.cesnet
 +-------------------------------------+
-| README.cesnet - Warden Client 1.0.0 |
+| README.cesnet - Warden Client 1.1.0 |
+|				      |
 | CESNET Specifics                    |
 +-------------------------------------+

@@ -7,9 +8,11 @@ Content

 A. Overall Information
 B. Registration
- C. Configuration
- D. Testing
- E. Authors of this document
+ C. Description tags
+ D. Types of events
+ E. Configuration
+ F. Testing
+ G. Authors of this document

 --------------------------------------------------------------------------------
 A. Overall Information
@@ -23,19 +26,19 @@ A. Overall Information

 2. Version

-    1.0.0 (2011-11-16)
+    1.1.0 (2011-11-16) - DOPLNIT

 --------------------------------------------------------------------------------
 B. Registration

    Client attempting to communicate with CESNET Warden server must be
    registered. Registration is currently provided by Tomas Plesnik at
-    address plesnik@ics.muni.cz and following information is needed:
+    mail address plesnik@ics.muni.cz and following information is needed:

    * For sender client:
      - hostname of the machine, where client runs,
-      - name of the detection service (for example 'ScanDetector'),
      - client type = sender,
+      - name of the detection service (for example 'ScanDetector'),
      - description tags of sent events (see below)
      - CIDR from which client will communicate with Warden server.

@@ -61,26 +64,27 @@ B. Registration
 C. Description tags

   Tags are case insensitive alphanumeric strings, designed to allow event
-receivers to do more general filtering according to event source. Receiver
-can for example decide to use only events originating at honeypots, or
-filter out events, generated by human conclusions or correlation engines.
+   receivers to do more general filtering according to event source. Receiver
+   can for example decide to use only events originating at honeypots, or
+   filter out events, generated by human conclusions or correlation engines.

   Sender client specifies its descriptive tags during registration, it is
-up to client administrator's judgment to select or omit any particular tag.
+   up to client administrator's judgment to select or omit any particular tag.
   Currently tags fall into four general categories - based on event medium,
-data source, detection methodology and detector or analyzer product name.
+   data source, detection methodology and detector or analyzer product name.
   Product name tag is free to choose if same product name was not yet
-accepted by registrar, otherwise existing form must be used (registrar will
-notify about such cases).
-   Categories list is certainly not complete.  Therefore if new client's
-administrator feels that name or type of important feature of his (or
-others) detector is not covered, providers of Warden server are glad to
-discuss it at registration address or at Warden project mailing list. 
-However, it may or may not be accepted, as aim is to keep the list of
-categories possibly unambiguous, short and usable.
+   accepted by registrar, otherwise existing form must be used (registrar will
+   notify about such cases).
+   Categories list is certainly not complete. Therefore if new client's
+   administrator feels that name or type of important feature of his (or
+   others) detector is not covered, providers of Warden server are glad to
+   discuss it at registration address or at Warden project mailing list 
+   (warden@cesnet.cz).
+   However, it may or may not be accepted, as aim is to keep the list of
+   categories possibly unambiguous, short and usable.

   Following is grouped list of tags together with closer description and
-examples.
+   examples.

 1. Detection medium

@@ -114,11 +118,11 @@ examples.
 --------------------------------------------------------------------------------
 D. Types of events

-   Event types purpose is to allow event receivers to filter and/or
-categorise particular events according to attack characteristics. Types are
-loosely chosen as list of common security incidents nowadays observed. List
-is by no means complete, however it was created based on expected use cases
-at receiving places. Possibility of a new type is also open to discussion.
+   Event types purpose is to allow event receivers to filter and/or categorise
+   particular events according to attack characteristics. Types are loosely
+   chosen as list of common security incidents nowadays observed. List is by no
+   means complete, however it was created based on expected use cases at
+   receiving places. Possibility of a new type is also open to discussion.

   * portscan - TCP/UDP port scanning/sweeping
   * bruteforce - dictionary/bruteforce attack to services authentication
@@ -133,7 +137,7 @@ at receiving places. Possibility of a new type is also open to discussion.
   * other - the rest, uncategorizable yet

   In case of complex scenarios with structured info more events with
-particular parts of information can be created.
+   particular parts of information can be created.

 --------------------------------------------------------------------------------
 E. Configuration
@@ -153,4 +157,4 @@ G. Authors of this document
    Pavel Kacha     <ph@cesnet.cz>
    Jan Soukal      <soukal@ics.muni.cz>

-Copyright (C) 2011 Cesnet z.s.p.o
+Copyright (C) 2011-2012 Cesnet z.s.p.o