Sguil
Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts.[2] The sguil client is written in Tcl/Tk[3][2] and can be run on any operating system that supports them. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.
| Field | Value |
|---|---|
| Original author(s) | Bamm Visscher, Steve Halligan |
| Stable release | 0.9.0[1] / March 28, 2014 |
| Written in | Tcl/Tk |
| Operating system | Cross-platform |
| Type | Network Security Monitoring |
| License | GPLv3 |
| Website | sguil |
Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
Sguil is released under the GPL 3.0.[4]
Tools that make up Sguil
| Tool | Purpose |
|---|---|
| MySQL 4.x or 5.x | Data storage and retrieval |
| Snort 2.x / Suricata | Intrusion detection alerts, scan detection, packet logging |
| Barnyard / Barnyard2 | Decodes IDS alerts and sends them to sguil |
| SANCP | TCP/IP session records |
| Tcpflow | Extract an ASCII dump of a given TCP session |
| p0f | Operating system fingerprinting |
| tcpdump | Extracts individual sessions from packet logs |
| Wireshark | Packet analysis tool (formerly called Ethereal) |
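The lead paragraph and the table above describe the three NSM data types Sguil joins together: an IDS alert, the SANCP session record it belongs to, and the full-content packets that tcpdump can pull back out of the packet log. The following script is an added example (not code from the Sguil project) that walks that pivot on constructed input: it parses one Snort "alert_fast" line, finds the session record whose 5-tuple and time span cover the alert, and builds the BPF filter an analyst would hand to tcpdump to extract that session. The alert line, the session records, the signature ID 1:1000001:1 and the pcap file name are all made up for the example; the session record layout is a simplified, pipe-separated approximation of SANCP output, not its real format.

```python
"""Pivot from an IDS alert to its session record to a full-content filter.

Added example illustrating the Sguil data model; all input below is constructed.
"""
import re
from datetime import datetime

# Constructed Snort alert_fast line. The fast format carries no year, so the
# caller supplies one when parsing. The signature ID is a placeholder in the
# local-rule range, not a real rule.
ALERT_LINE = ("01/15-10:23:45.123456  [**] [1:1000001:1] LOCAL example rule [**] "
              "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
              "10.0.0.5:44321 -> 192.0.2.10:80")

# Constructed session records, simplified SANCP-style:
# start|end|ip proto|src ip|src port|dst ip|dst port|src bytes|dst bytes
SESSIONS = [
    "2024-01-15 10:23:40|2024-01-15 10:23:50|6|10.0.0.5|44321|192.0.2.10|80|512|8192",
    "2024-01-15 10:23:41|2024-01-15 10:23:42|6|10.0.0.5|44322|192.0.2.10|443|300|1200",
    "2024-01-15 11:00:00|2024-01-15 11:00:05|17|10.0.0.7|5353|224.0.0.251|5353|90|0",
]

ALERT_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}
PROTO_NAME = {6: "tcp", 17: "udp", 1: "icmp"}
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_alert(line, year):
    """Parse one alert_fast line into a dict; the year is supplied by the caller."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError("not a Snort alert_fast line")
    ts = datetime.strptime(f"{year}-{m['mon']}-{m['day']} {m['time']}", TS_FMT)
    return {"ts": ts, "gid": int(m["gid"]), "sid": int(m["sid"]), "rev": int(m["rev"]),
            "msg": m["msg"], "proto": PROTO_NUM[m["proto"]],
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}


def parse_session(rec):
    """Parse one constructed session record into a dict."""
    f = rec.split("|")
    return {"start": datetime.strptime(f[0], TS_FMT), "end": datetime.strptime(f[1], TS_FMT),
            "proto": int(f[2]), "src": f[3], "sport": int(f[4]),
            "dst": f[5], "dport": int(f[6]),
            "src_bytes": int(f[7]), "dst_bytes": int(f[8])}


def find_session(alert, sessions):
    """Return the session whose protocol and 5-tuple (either direction) match the
    alert and whose time span covers the alert timestamp, or None."""
    a_fwd = (alert["src"], alert["sport"], alert["dst"], alert["dport"])
    a_rev = (alert["dst"], alert["dport"], alert["src"], alert["sport"])
    for s in map(parse_session, sessions):
        tup = (s["src"], s["sport"], s["dst"], s["dport"])
        if (s["proto"] == alert["proto"] and tup in (a_fwd, a_rev)
                and s["start"] <= alert["ts"] <= s["end"]):
            return s
    return None


def bpf_for_session(s):
    """Build the BPF filter that selects both directions of the session.
    Ports are only meaningful for TCP/UDP, so they are omitted for other protocols."""
    proto = PROTO_NAME.get(s["proto"], "ip")
    expr = f"{proto} and host {s['src']} and host {s['dst']}"
    if proto in ("tcp", "udp"):
        expr += f" and port {s['sport']} and port {s['dport']}"
    return expr


if __name__ == "__main__":
    alert = parse_alert(ALERT_LINE, 2024)
    session = find_session(alert, SESSIONS)
    if session is None:
        print("no session record covers this alert")
    else:
        # full.pcap is a placeholder name for the packet-logger Snort's capture file.
        print(f"sid {alert['sid']}: {alert['msg']}")
        print(f"session {session['start']} .. {session['end']}, "
              f"{session['src_bytes']}/{session['dst_bytes']} bytes")
        print(f"tcpdump -r full.pcap -w session.pcap '{bpf_for_session(session)}'")
```

The time-window check in `find_session` is the part that matters in practice: a 5-tuple alone is reused across sessions over a day, so the session that is actually carrying the alerting packet is the one whose start and end bracket the alert timestamp. Matching the reversed tuple as well is needed because the IDS reports the alerting packet's direction, which for a server response is the opposite of the session's initiating direction.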
See also
- Sagan
- Intrusion detection system (IDS)
- Intrusion prevention system (IPS)
- Network intrusion detection system (NIDS)
- Metasploit Project
- nmap
- Host-based intrusion detection system comparison
References
- Sguil downloads
- Lockhart, Andrew (9 November 2006). "11: Network Intrusion Detection". Network Security Hacks (2nd ed.). O'Reilly Media. ISBN 978-0596527631. Hack 108 - Monitor Your IDS in Real Time - Use Sguil's advanced GUI to monitor and analyze IDS events in a timely manner.
- Bejtlich, Richard (5 August 2013). "8.2 Using sguil". The Practice of Network Security Monitoring: Understanding Incident Detection and Response (1st ed.). No Starch Press. ISBN 978-1593275099.
- README file in the tarball
- Cox, Kerry; Gerg, Christopher (February 2009). "13: Strategies for High-Bandwidth Implementations of Snort". Managing Security with Snort & IDS Tools - Intrusion Detection with Open Source Tools. O'Reilly Media. p. 223. ISBN 978-0596006617. Sguil: An alternative Management Console.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.