Snort mailing list archives

Re: Question about Sguil


From: Jaime Nebrera <jnebrera () redborder org>
Date: Fri, 20 Jun 2014 20:12:26 +0200

Haha, no problem

In essence redBorder started as a Snorby on steroids (adding all the rule
workflow and probe management side), but its current code base differs
completely. Our initial focus was to add enterprise-type capabilities,
while the new ones focus more on scalability and intelligence capabilities.

The public version is a bit old and still SQL based, but the new one is fully
big data based. Hope to make this one public soon, but we still have to nail some
stuff into place.

If you want to see what the 3.x interface looks like, here is a
video:

http://youtu.be/TqQBIRagEl0

It mixes information from the IPS and Flow (traffic visibility), but you get
the idea.

Enjoy

Hey Jaime, thanks for the reply as well, much appreciated!



No, I haven’t heard of that one before… I’ll have to do some reading on that.



Thanks Again,

Matt





Matthew Martin

Network Administrator

Systems Architecture and Integration

J.W. Pepper & Son, Inc.

191 Sheree Blvd.

Exton, PA 19341

610-648-0500 ext. 2233

mmartin () jwpepper com



From: Jaime Nebrera [mailto:jnebrera () redborder org]
Sent: Friday, June 20, 2014 12:30 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about Sguil



Hi Matt,

Have you given www.redBorder.org a look?

It will enable you to manage events as well as the probes themselves (rule
workflow).

On 20/06/2014 18:22, "Matt Martin" <MMartin () jwpepper com> wrote:

Hello All,



I am currently using BASE as my frontend for Snort. But I get errors when
clicking into lots of stuff on the GUI, so I’m looking into other GUI
frontends for Snort. Not to mention that almost every time I click on an
“Alert”, when the page loads in the browser it just says in red “Alert
Deleted”… Don’t know why it would be deleting alerts…



But anyway, I came across Sguil, which seems to be a pretty popular choice
amongst GUI frontends for Snort. But I am a bit confused by the
installation process, so I was hoping someone could answer the question
below for me…?



I downloaded the most recent version of Sguil (Sguil Version 0.9.0). And
after reading about the installation process on a number of different sites I am
still confused by the Client/Server/Sensor architecture of it. I currently
have my Snort installation, along with Barnyard2, MySQL, BASE and
Oinkmaster, all on the same server (I downloaded PulledPork because I
heard good things, but still need to install it and replace Oinkmaster…).
I have had Snort running on this server for a few weeks now and it seems to
be going well, except for the frontend...



So since I have Snort all contained on a single server, am I supposed to
install the Sguil Client, Server, and Sensor on that server as well? If I want
to use it simply as a frontend to Snort, do I need all 3 of those? I
couldn’t find any installation docs for Sguil for when Snort and its MySQL
database are on the same server. All the docs seemed to be for “split”
Snort installations, i.e. across multiple servers…



Could anyone explain to me those 3 different parts of Sguil? And whether or
not I need all 3 of them installed?

Any thoughts or suggestions would be much appreciated!



Thanks in Advance,

Matt


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!