The XDR Alliance released an open source Common Information Model (CIM). It aims to build the foundation for the next-generation extended detection and response (XDR) and threat detection, investigation, and response (TDIR) services. 

The XDR Alliance is a cybersecurity partnership committed to building an inclusive and collaborative XDR framework and architecture. “The CIM is yet another step forward in creating a collaborative and open XDR approach, providing security teams a common framework to communicate consistently,” said Phil Shigo, VP of business development at ExtraHop, which is one of the founding members. 

The members of the XDR Alliance collaborated on this open source CIM and used the lessons learned from their customer deployments. As organizations’ technology stacks and security infrastructure evolve, the model enables easy integration of legacy XDR tools and the latest cloud technologies, along with built-in extension capabilities for the next-generation XDR services, the alliance claims. 

“The CIM provides the broader cybersecurity industry with a common foundation for understanding, normalizing, getting deeper visibility into, and enriching log data across technologies to provide organizations with simplified integration and a more holistic picture of their environments,” the alliance noted. 

This model is available via public GitHub with Apache 2.0 licensing. “Releasing the CIM with an Apache license is a testament to our commitment to open security and transparency,” said Andy Skrei, senior director of product management at Exabeam.  

The next project the members are working on is API integrations, according to the XDR Alliance.

XDR Alliance Welcomes New Members

Founding members of the XDR Alliance include Armis, Exabeam, Expel, ExtraHop, Google Cloud Security, Mimecast, Netskope, and SentinelOne. Last year, CyberArk, Recorded Future, and VMware joined the alliance. 

“We are joining the XDR Alliance to help build standards so that we can help work in the ecosystem to make sure that all of these systems work together and make the job of the security operations team easier and more effective,” Tom Gillis, SVP and GM of networking and advanced security business group at VMware, noted when announcing the news.

XDR Alliance members offer services such as security analytics, security information and event management (SIEM), endpoint, email, identity, cloud, network, operational technology, and IoT security and threat intelligence. They work together to provide open XDR and TDIR.

For the API integration project, the alliance expanded its managed security service providers (MSSPs) and managed detection and response services (MDRs) categories and plans to announce new members in those categories.