
Sguil

Network security monitoring software

Original authors: Bamm Visscher, Steve Halligan
Stable release: 0.9.0 (April 4, 2014)
Written in: Tcl/Tk
Operating system: Cross-platform
Type: Network Security Monitoring
License: GPLv3
Website: sguil.sourceforge.net

Sguil (pronounced "sgweel" or "squeal") is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts. The Sguil client is written in Tcl/Tk and runs on any operating system that supports them. Sguil brings three kinds of NSM data together in one console: alert data from Snort, session data from SANCP, and full content (packet) data captured by a second instance of Snort running in packet logger mode. An analyst can therefore pivot from an alert to the session it belongs to and on to the raw packets, rather than judging the alert in isolation.

Sguil is an implementation of a Network Security Monitoring system. NSM is defined by Richard Bejtlich as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."

Sguil is released under version 3 of the GNU General Public License (GPLv3).

Tools that make up Sguil

Tool: Purpose
MySQL 4.x or 5.x: Data storage and retrieval
Snort 2.x / Suricata: Intrusion detection alerts, scan detection, packet logging
Barnyard / Barnyard2: Decodes IDS alerts and sends them to Sguil
SANCP: TCP/IP session records
Tcpflow: Extracts an ASCII dump of a given TCP session
p0f: Operating system fingerprinting
tcpdump: Extracts individual sessions from packet logs
Wireshark: Packet analysis tool (formerly called Ethereal)
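The alert-to-session-to-packets pivot described in the introduction, and the division of labour among the tools in the table above, can be illustrated with a small script. The following Python is an added example for this article; it is not code from the Sguil project or from Wikipedia. The alert lines use Snort's one-line "fast" alert format (which carries no year, so the year is passed in separately), and the session records use a simplified, hypothetical CSV layout chosen here for illustration; SANCP's real output layout is configurable and is not reproduced. All sample data is constructed, and the pcap file name in the generated tcpdump command is a placeholder.

```python
"""Pivot from an IDS alert to its session record and a packet-extraction filter.

Added example: constructed data, not Sguil's own code.
"""
import csv
import io
import re
from datetime import datetime, timedelta

# Constructed Snort fast-format alert lines (sample data, not a real capture).
# This is the one-line format Snort writes with "-A fast".
ALERTS = [
    "05/14-13:45:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:45678",
    "05/14-13:46:10.000001  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 3] "
    "{UDP} 192.168.1.20:53000 -> 8.8.8.8:53",
]

# Constructed session records in a hypothetical CSV layout:
# start,end,proto_number,src_ip,src_port,dst_ip,dst_port,src_bytes,dst_bytes
# SANCP's actual output layout is configurable and is not reproduced here.
SESSIONS = """\
2014-05-14 13:44:59,2014-05-14 13:45:03,6,192.168.1.10,45678,10.0.0.5,80,512,1840
2014-05-14 13:45:30,2014-05-14 13:45:31,6,192.168.1.11,50000,10.0.0.5,80,200,300
"""

PROTO_NUM = {"TCP": 6, "UDP": 17}
PROTO_BPF = {6: "tcp", 17: "udp"}

# Fast-format fields: timestamp, [gid:sid:rev], message, protocol, endpoints.
# TCP/UDP only; ICMP alerts carry no ports and are not handled here.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alert(line, year):
    """Parse one fast-format alert; `year` is needed because the format omits it."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return {"time": ts, "sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}


def parse_sessions(text):
    """Parse the constructed CSV session records into dicts."""
    rows = []
    for r in csv.reader(io.StringIO(text)):
        if not r or r[0].startswith("#"):
            continue
        start, end, proto, sip, sport, dip, dport, sbytes, dbytes = r
        rows.append({"start": datetime.strptime(start, "%Y-%m-%d %H:%M:%S"),
                     "end": datetime.strptime(end, "%Y-%m-%d %H:%M:%S"),
                     "proto": int(proto), "src": sip, "sport": int(sport),
                     "dst": dip, "dport": int(dport),
                     "src_bytes": int(sbytes), "dst_bytes": int(dbytes)})
    return rows


def find_session(alert, sessions, slop=timedelta(seconds=2)):
    """Return the session an alert belongs to, or None.

    A session matches when protocol and both endpoints agree (in either
    direction, since an alert may fire on the server's reply) and the alert
    time falls inside the session lifetime, padded by `slop` to absorb clock
    skew between the IDS and the session logger.
    """
    ends_a = {(alert["src"], alert["sport"]), (alert["dst"], alert["dport"])}
    for s in sessions:
        if s["proto"] != PROTO_NUM.get(alert["proto"]):
            continue
        if {(s["src"], s["sport"]), (s["dst"], s["dport"])} != ends_a:
            continue
        if s["start"] - slop <= alert["time"] <= s["end"] + slop:
            return s
    return None


def bpf_filter(session):
    """BPF expression selecting exactly this session's packets from a full-content log."""
    return (f"{PROTO_BPF[session['proto']]} and host {session['src']} and host {session['dst']} "
            f"and port {session['sport']} and port {session['dport']}")


def triage(alert_lines, session_text, year):
    """For each alert, attach its session and the tcpdump command to pull its packets."""
    sessions = parse_sessions(session_text)
    results = []
    for line in alert_lines:
        alert = parse_alert(line, year)
        if alert is None:
            continue
        sess = find_session(alert, sessions)
        # "full-content.pcap" is a placeholder for the packet logger's output file.
        cmd = None if sess is None else (
            f"tcpdump -nn -r full-content.pcap -w sid{alert['sid']}.pcap '{bpf_filter(sess)}'")
        results.append({"sid": alert["sid"], "msg": alert["msg"], "session": sess, "tcpdump": cmd})
    return results


if __name__ == "__main__":
    for r in triage(ALERTS, SESSIONS, 2014):
        print(r["sid"], r["msg"], "->", r["tcpdump"] or "no matching session")
```

The first alert fires on the server's reply, so its endpoints are reversed relative to the session record; matching on the unordered pair of endpoints handles that. The second alert has no session record at all, which is the case an analyst must recognise rather than assume the alert is benign: the session logger may have missed the traffic, or the two sensors may disagree on time beyond the allowed slop.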
