#IDMEF

2021-10-15

In the early 2000s, #SvenHenkel and I developed an #IDMEF/#IDXP-compliant security event message pipelining framework for collecting and consolidating log messages, e.g., from network #IDS and #EDR products.

In the message stream, we were able to match multi-stage #correlation #DetectionRules in near real-time (in-memory), before everything was stored in a central database. Structural graph-based #AnomalyDetection was developed later by some colleagues.

We called it #MetaIDS.

Server: https://mastodon.social