IDS mailing list archives

Sguil-0.5.0 Released


From: Bamm Visscher <bamm () satx rr com>
Date: Tue, 29 Jun 2004 11:21:12 -0500

Announcing the release of sguil-0.5.0. Get it at http://sguil.sourceforge.net
 
Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component 
is an intuitive GUI that provides the analyst with realtime events from snort/barnyard. It also includes other 
components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. The 
sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, 
Solaris, MacOS, and Win32).

Richard Bejtlich (http://www.taosecurity.com) recently received permission to post chapter 10 of his book "The Tao of 
Network Security Monitoring: Beyond Intrusion Detection" online. The title of the chapter is "Alert Data: NSM Using 
Sguil". The chapter provides detailed examples of using sguil and how all the pieces interrelate. It is available as a 
.pdf here:
http://sguil.sourceforge.net/downloads/tao_of_nsm_ch10_isbn_0321246772_copyright_2004_pearson.pdf
 
Those who would like to demo the client without going through a full blown server and sensor installation can install 
the client and point it towards sguil.dyndns.org (default ports). Authentication is off and you may use any 
username/password.
 
As always, help can be found via the mailing lists and on IRC (irc.freenode.net
#snort-gui).
 
Changes/new features to sguil-0.5.0 include:
 
* Changes to the spp_stream4 patch (now includes ip_proto). Don't
  forget to recompile snort w/the new patch if you use this option.
  The database version must be upgraded with this release too.

* Event correlation/aggregation moved to sguild. This should improve the speed
  at which events get loaded into the client on init.

* Xscriptd functions moved into sguild. Communication is done via sensor_agent.

* Sguild server can be changed at login.

* A list of analysts who are monitoring each sensor is displayed during the
  sensor select dialog.

* The sguil client is now available as an RPM.

Bammkkkk

