Snort mailing list archives
Sguil-0.5.0 Released
From: Bamm Visscher <bamm () satx rr com>
Date: Tue, 29 Jun 2004 10:59:07 -0500
Announcing the release of sguil-0.5.0. Get it at http://sguil.sourceforge.net

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides the analyst with realtime events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Richard Bejtlich (http://www.taosecurity.com) recently received permission to post chapter 10 of his book "The Tao of Network Security Monitoring: Beyond Intrusion Detection" online. The title of the chapter is "Alert Data: NSM Using Sguil". The chapter provides detailed examples of using sguil and how all the pieces interrelate. It is available as a .pdf here:

http://sguil.sourceforge.net/downloads/tao_of_nsm_ch10_isbn_0321246772_copyright_2004_pearson.pdf

Those who would like to demo the client without going through a full blown server and sensor installation can install the client and point it towards sguil.dyndns.org (default ports). Authentication is off and you may use any username/password.

As always, help can always be found via mailing lists and in irc (irc.freenode.net #snort-gui).

Changes/new features to sguil-0.5.0 include:

* Changes to the spp_stream4 patch (now includes ip_proto). Don't forget to recompile snort w/the new patch if you use this option. The database version must be upgraded with this release too.
* Event correlation/aggregation moved to sguild. This should improve the speed that events get loaded into the client on init.
* Xscriptd functions moved into sguild. Communication is done via sensor_agent.
* Sguild server can be changed at login.
* A list of analysts who are monitoring each sensor is displayed during the sensor select dialog.
* The sguil client is now available as an RPM.

Bammkkkk