In the early 2000s, a #CS student and myself developed an #IDMEF/#IDXP compliant security event message pipelining framework for collecting and consolidating messages from network #IDS, and #EDR products.

In the messages stream, we were able to match multi-stage #correlation #DetectionRules in near real-time (in-memory), before everything was stored in central database. Structural graph-based #AnomalyDetection was developed later by some colleagues.

We called it #MetaIDS.