RE: Snort console recommendation

From: Richard Bejtlich (richard_bejtlich_at_yahoo.com)
Date: 07/08/03

  • Next message: Nawapong Nakjang: "RE: Snort console recommendation"
    Date: Mon, 7 Jul 2003 18:29:04 -0700 (PDT)
    To: focus-ids@securityfocus.com
    
    

    Hi Marcelo,

    Eric forgot to mention a new player on the "Snort
    console" scene -- sguil:

    http://sguil.sourceforge.net/

    We're only in version 0.2, and I need to update the
    install documentation for it. Keep your eyes on the
    web site!

    Sguil is built by analysts for analysts, based on
    experience and principles dating from our team's work
    monitoring Air Force networks and then commercial
    customers. Sguil implements something we call
    "network security monitoring" and is open source. A
    short primer on NSM can be found in pages 2-7 of the
    fourth edition of "Hacking Exposed"
    (http://shop.osborne.com/cgi-bin/osborne/0072227427.html).

    Enjoy,

    Richard Bejtlich
    richard at taosecurity dot com
    http://taosecurity.com

     


