PaulDotCom mailing list archives
Sagan 0.2.1 [Security Event/Log Analyzer] released.
From: Champ Clark III <cclark () quadrantsec com>
Date: Thu, 05 Apr 2012 10:32:16 -0400
Sagan version 0.2.1 has been released [http://sagan.quadrantsec.com]
====================================================================
Champ Clark III [cclark () quadrantsec com]
http://www.quadrantsec.com

What is Sagan?
--------------

Sagan Main Site: http://sagan.quadrantsec.com

Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis.

The Sagan structure and Sagan rules work similarly to the Sourcefire "Snort" IDS engine. This was intentionally done to maintain compatibility with rule management software (oinkmaster/pulledpork/etc.) and allows Sagan to correlate log events with your Snort IDS/IPS system. Since Sagan can write to Snort IDS/IPS databases via unified2/barnyard2 or direct SQL access, it is compatible with all Snort "consoles". For example, Sagan is compatible with Snorby [http://www.snorby.org], Sguil [http://sguil.sourceforge.net] and the Prelude IDS framework!

For more information, please visit the Sagan web site: http://sagan.quadrantsec.com.

What's new in Sagan?
--------------------

- Native Snortsam [http://www.snortsam.net] support. Snortsam is a firewall blocking agent for Snort. Sagan can now leverage Snortsam to block attacks based on log analysis and normalization. Snortsam currently supports Checkpoint Firewall-1, Cisco PIX/ASA, Cisco routers, Juniper/Netscreen, ipf/ipfw2 (FreeBSD), pf (OpenBSD), ipchains/iptables/ebtables (Linux), Watchguard, 8signs (Windows), and MS ISA Server (Windows).

- New "after" rule option. For example, "alert me after X number of events". This works great with thresholding. For example, "Alert me after X number of events, but threshold by the source address when 10 events are reached".

- New DNS cache system. Ideally, you will never need this feature, but in some environments it can't be avoided.

- Several bug fixes/code clean up (SQL direct write improved, core thread handling changed, etc.)

What's in the future for Sagan?
-------------------------------

- New pre-processors for log analysis for better anomaly detection.
- Better documentation.
- New output plug-ins.

Where is an online demo?
------------------------

For an online demo of Sagan and Snorby in action, please go to: http://demo.snorby.org
Username: demo () snorby org
Password: snorby

You'll notice the "Sagan" sensor online and reporting log data.

Questions/Comments:
-------------------

General questions about Sagan should be directed to the Sagan mailing list. This can be found at http://groups.google.com/group/sagan-users. You can also ask questions on the Sagan IRC channel (irc.freenode.net #sagan). Author specific questions should be directed to Champ Clark III (cclark () quadrantsec com).

Thank you!

--
Champ Clark III (cclark () quadrantsec com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
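As an added illustration of the "after" plus thresholding behaviour the announcement describes (example code written for this archive page, not Sagan's own code and not its rule syntax): a small Python model that counts matching events per source address in a sliding time window, raises an alert once the "after" count is reached, and then rate-limits further alerts for that source with a threshold. The rule dictionary, the `AfterThresholdRule` and `run_rule` names, and the sample SSH log lines are all constructed assumptions.

```python
"""Model of an 'after' + 'threshold' correlation rule over log lines.

Hypothetical stand-alone illustration; it is not Sagan's code or rule format.
Semantics modelled:
  after:     fire only once a source has produced N matching events in S seconds
  threshold: after that, emit at most M alerts per T seconds for that source
"""
import re
from collections import defaultdict, deque

# Constructed sample log lines, format "<epoch> <host> <program>: <message>".
# One source fails 8 times at 10-second intervals, another only 3 times,
# and the first source returns much later with a single failure.
SAMPLE_LOGS = [
    f"{1000000 + 10 * i} bastion sshd[4021]: Failed password for invalid user "
    f"admin from 192.0.2.10 port 51122 ssh2"
    for i in range(8)
] + [
    "1000015 bastion sshd[4022]: Failed password for root from 198.51.100.7 port 40100 ssh2",
    "1000035 bastion sshd[4022]: Failed password for root from 198.51.100.7 port 40101 ssh2",
    "1000055 bastion sshd[4022]: Failed password for root from 198.51.100.7 port 40102 ssh2",
    "1000200 bastion sshd[4030]: Failed password for invalid user admin from 192.0.2.10 port 51999 ssh2",
]

# Hypothetical rule description (a plain dict, not any real rule language).
RULE = {
    "name": "SSH repeated authentication failure (constructed rule)",
    "pattern": re.compile(r"Failed password for .* from (?P<src>\d+\.\d+\.\d+\.\d+)"),
    "after": {"count": 5, "seconds": 60},      # alert only after 5 events/60s from one source
    "threshold": {"count": 1, "seconds": 60},  # then at most 1 alert/60s for that source
}


class AfterThresholdRule:
    """Per-source sliding-window state for one rule."""

    def __init__(self, rule):
        self.rule = rule
        self.hits = defaultdict(deque)    # src -> timestamps of matching events
        self.fired = defaultdict(deque)   # src -> timestamps of emitted alerts

    @staticmethod
    def _prune(window, now, seconds):
        # Drop timestamps that have fallen out of the sliding window.
        while window and now - window[0] > seconds:
            window.popleft()

    def feed(self, ts, message):
        """Feed one event; return an alert dict or None."""
        match = self.rule["pattern"].search(message)
        if not match:
            return None
        src = match.group("src")
        after, thr = self.rule["after"], self.rule["threshold"]

        hits = self.hits[src]
        hits.append(ts)
        self._prune(hits, ts, after["seconds"])
        if len(hits) < after["count"]:
            return None                  # 'after' count not yet reached

        fired = self.fired[src]
        self._prune(fired, ts, thr["seconds"])
        if len(fired) >= thr["count"]:
            return None                  # suppressed by the threshold
        fired.append(ts)
        return {"ts": ts, "src": src, "rule": self.rule["name"], "events": len(hits)}


def run_rule(lines, rule):
    """Replay log lines in timestamp order and collect the alerts produced."""
    engine = AfterThresholdRule(rule)
    alerts = []
    for line in sorted(lines, key=lambda l: int(l.split(maxsplit=1)[0])):
        ts_str, message = line.split(maxsplit=1)
        alert = engine.feed(int(ts_str), message)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in run_rule(SAMPLE_LOGS, RULE):
        print(alert)
```

With the constructed input, only 192.0.2.10 reaches five failures inside 60 seconds, so one alert fires at its fifth event; the following failures are suppressed by the threshold, and the single failure 130 seconds later starts a fresh window and does not fire. Raising the threshold count to 2 lets a second alert through on the sixth event, which is the "alert after X, then threshold" combination the announcement describes.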