That's an interesting use case that crosses over both the IDS security ticket information, and the common log and logging requirements. I'll add it to the Security Model document for further examination.
From: larryupthegrove [mailto:larryupthegrove at comcast.net]
Sent: Tuesday, March 27, 2012 10:02 AM
To: ids at pwg.org
Cc: Murdock, Joe
Subject: IDS Use case security
I have attached a use case that was typical in several environments where an incident occurred.
This use case could apply to several regulated industries, and could be either an internal system or processes involving external vendors.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...