Figure SE.03 - Security Event - Basic Entities : Class diagram
Created: 3/28/2022 3:51:09 PM
Modified: 6/13/2022 2:56:33 PM
The event model is designed to carry information about Security Events – activities that are sensed on networks and resources.

A small set of core information about any given event is considered to be common across all event reporting. That data consists of information such as start time, stop time, unique identifier, a name, and data about the sensor that was used to collect the information. However, other information collected about events varies significantly based on the type of activity that is reported. To track multiple event types while still improving the probability of successful correlation, the event models described in this section all build on the core event data set, which allows for correlation based on time, sensor, location, unique identifier, and other functions of the collecting sensor. Each event type then adds attributes to describe the particular type of activity it monitored.

In the NetD Data Model contribution, events were assumed to be sensed, or collected, by a network or host-based sensor, such as an Intrusion Detection System (IDS). In the SID, the collection method was generalized to accommodate three types of security event collection methods: Resource, Party, and Party Role.
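The following added example (not part of the SID model or the original page) sketches the pattern described above: a core event data set, event types that extend it, and correlation across different event types using core attributes only. All class, attribute and event-type names are assumptions chosen for illustration, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from itertools import combinations

class CollectorKind(Enum):  # the three collection methods named in the text
    RESOURCE = "Resource"
    PARTY = "Party"
    PARTY_ROLE = "Party Role"

@dataclass(frozen=True)
class Collector:  # attribute names are assumptions, not taken from the model
    collector_id: str
    kind: CollectorKind
    location: str

@dataclass(frozen=True)
class SecurityEvent:  # core data set shared by every event type
    event_id: str
    name: str
    start: datetime
    stop: datetime
    collector: Collector
    def __post_init__(self):  # reject intervals that would break time correlation
        if self.stop < self.start:
            raise ValueError(f"{self.event_id}: stop precedes start")

@dataclass(frozen=True)
class PortScanEvent(SecurityEvent):  # hypothetical event type
    source_ip: str = ""

@dataclass(frozen=True)
class LoginFailureEvent(SecurityEvent):  # hypothetical event type
    account: str = ""

def correlate(events, slack=timedelta(seconds=30)):
    """Pair events of any type on core attributes only: location and time."""
    ordered = sorted(events, key=lambda e: e.start)  # so a starts no later than b
    return [(a.event_id, b.event_id) for a, b in combinations(ordered, 2)
            if a.collector.location == b.collector.location
            and b.start <= a.stop + slack]  # b begins before a ends, plus clock slack

def sample_events():  # constructed sample data
    t0, s = datetime(2022, 6, 13, 14, 0), timedelta(seconds=1)
    ids = Collector("ids-01", CollectorKind.RESOURCE, "dmz")
    soc = Collector("soc-analyst", CollectorKind.PARTY_ROLE, "dmz")
    hr = Collector("hr-desk", CollectorKind.PARTY, "office")
    return [PortScanEvent("e1", "port scan", t0, t0 + 60 * s, ids, "192.0.2.10"),
            LoginFailureEvent("e2", "login failure", t0 + 75 * s, t0 + 80 * s, soc, "svc-backup"),
            LoginFailureEvent("e3", "login failure", t0 + 10 * s, t0 + 20 * s, hr, "jdoe")]
```

Calling `correlate(sample_events())` pairs the port scan with the login failure reported from the same location by a different kind of collector, without reading any type-specific attribute.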