Sguil

Sguil (pronounced "sgweel" or "squeal") is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts. The Sguil client is written in Tcl/Tk and can be run on any operating system that supports Tcl/Tk. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.

Sguil is an implementation of a Network Security Monitoring (NSM) system. Richard Bejtlich and Bamm "qru" Visscher define NSM as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."

What makes Sguil particularly interesting is that it is essentially a suite of tools that can serve as the foundation of an organization's Security Operations Center (SOC).

Downloads

Sguil's latest version is 0.7.0, available online for download.

External links

* Sguil Homepage: http://sguil.sourceforge.net
* NSMWiki: http://nsmwiki.org/Main_Page (the official wiki for the Sguil project)


Wikimedia Foundation. 2010.
