Sguil-0.5.0 Released
From: Bamm Visscher (bamm_at_satx.rr.com)
Date: 06/29/04
Date: Tue, 29 Jun 2004 11:21:12 -0500
To: focus-ids@securityfocus.com
Announcing the release of sguil-0.5.0. Get it at http://sguil.sourceforge.net
Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides the analyst with realtime events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event-driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
Richard Bejtlich (http://www.taosecurity.com) recently received permission to post chapter 10 of his book "The Tao of Network Security Monitoring: Beyond Intrusion Detection" online. The title of the chapter is "Alert Data: NSM Using Sguil". The chapter provides detailed examples of using sguil and how all the pieces interrelate. It is available as a .pdf here:
http://sguil.sourceforge.net/downloads/tao_of_nsm_ch10_isbn_0321246772_copyright_2004_pearson.pdf
Those who would like to demo the client without going through a full-blown server and sensor installation can install the client and point it towards sguil.dyndns.org (default ports). Authentication is off and you may use any username/password.
As always, help can be found via the mailing lists and in irc (irc.freenode.net #snort-gui).
Changes/new features to sguil-0.5.0 include:
* Changes to the spp_stream4 patch (now includes ip_proto). Don't forget to recompile snort w/the new patch if you use this option. The database version must be upgraded with this release too.
* Event correlation/aggregation moved to sguild. This should improve the speed that events get loaded into the client on init.
* Xscriptd functions moved into sguild. Communication is done via sensor_agent.
* Sguild server can be changed at login.
* A list of analysts who are monitoring each sensor is displayed during the sensor select dialog.
* The sguil client is now available as an RPM.
Bammkkkk