[Sguil-devel] Sguil-0.5.0 Released
From: Bamm V. <ba...@sa...> - 2004-06-29 16:02:36
Announcing the release of sguil-0.5.0. Get it at http://sguil.sourceforge.net

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides the analyst with realtime events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Richard Bejtlich (http://www.taosecurity.com) recently received permission to post chapter 10 of his book "The Tao of Network Security Monitoring: Beyond Intrusion Detection" online. The title of the chapter is "Alert Data: NSM Using Sguil". The chapter provides detailed examples of using sguil and how all the pieces interrelate. It is available as a .pdf here: http://sguil.sourceforge.net/downloads/tao_of_nsm_ch10_isbn_0321246772_copyright_2004_pearson.pdf

Those who would like to demo the client without going through a full blown server and sensor installation can install the client and point it towards sguil.dyndns.org (default ports). Authentication is off and you may use any username/password.

As always, help can always be found via mailing lists and in irc (irc.freenode.net #snort-gui).

Changes/new features to sguil-0.5.0 include:

* Changes to the spp_stream4 patch (now includes ip_proto). Don't forget to recompile snort w/the new patch if you use this option. The database version must be upgraded with this release too.
* Event correlation/aggregation moved to sguild. This should improve the speed that events get loaded into the client on init.
* Xscriptd functions moved into sguild. Communication is done via sensor_agent.
* Sguild server can be changed at login.
* A list of analysts who are monitoring each sensor is displayed during the sensor select dialog.
* The sguil client is now available as an RPM.

Bammkkkk