Sguil
Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts.[2] The sguil client is written in Tcl/Tk[3][2] and can be run on any operating system that supports these. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.
Original author(s) | Bamm Visscher, Steve Halligan |
---|---|
Stable release | 0.9.0[1]
/ March 28, 2014 |
Written in | Tcl/Tk |
Operating system | Cross-platform |
Type | Network Security Monitoring |
License | GPLv3 |
Website | sguil |
Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
Sguil is released under the GPL 3.0.[4]
Tools that make up Sguil
Tool | Purpose |
---|---|
MySQL 4.x or 5.x | Data storage and retrieval |
Snort 2.x / Suricata | Intrusion detection alerts, scan detection, packet logging |
Barnyard / Barnyard2 | Decodes IDS alerts and sends them to sguil |
SANCP | TCP/IP session records |
Tcpflow | Extract an ASCII dump of a given TCP session |
p0f | Operating system fingerprinting |
tcpdump | Extracts individual sessions from packet logs |
Wireshark | Packet analysis tool (used to be called Ethereal) |
gollark: It might send colors soon™ eventually™ though.
gollark: You could do it fairly easily.
gollark: Command line game?
gollark: Or, indeed, wrists.
gollark: EWO has no wrist damage mechanic.
See also
- Sagan
- Intrusion detection system (IDS)
- Intrusion prevention system (IPS)
- Network intrusion detection system (NIDS)
- Metasploit Project
- nmap
- Host-based intrusion detection system comparison
References
- Squil downloads
- Lockhart, Andrew (9 November 2006). "11: Network Intrusion Detection". Network Security Hacks (2nd ed.). O'Reilly Media. ISBN 978-0596527631. Hack 108 - Monitor Your IDS in Real Time - Use Sguil's advanced GUI to monitor and analyze IDS events in a timely manner.
- Bejtlich, Richard (5 August 2013). "8.2 Using sguil". The Practice of Network Security Monitoring: Understanding Incident Detection and Response (1st ed.). No Starch Press. ISBN 978-1593275099.
- README file in the tarball
- Cox, Kerry; Gerg, Christopher (February 2009). "13: Strategies for High-Bandwidth Implementations of Snort". Managing Security with Snort & IDS Tools - Intrusion Detection with Open Source Tools. O'Reilly Media. p. 223. ISBN 978-0596006617. Sguil: An alternative Management Console.
External links
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.