Sguil 0.2 Released

My friend Bamm Visscher released version 0.2 of his Snort-based network monitoring solution, called sguil. I will be working on more comprehensive documentation when I finish my current incident response deployments! Also, check out the new project logo! From the announcement:


Sguil (pronounced "sgweel") is a graphical interface to snort. The actual interface and GUI server are written in tcl/tk. Sguil uses other open source software like barnyard and mysql for accessing data. The client interface provides 'hooks' to analyst tools like ethereal, tcpflow, and p0f. Sguil makes it easy for multiple analysts to work together in monitoring multiple sensors. Currently, sguil only provides an analyst interface. Sensor and rule management is forthcoming.


Sguil-0.2 includes numerous changes and bugfixes. Notable additions include event history, event comments, access to session data (stream4 keepstats), abuse email templates, and user accountability. See http://sguil.sourceforge.net for downloads, updated screenshots, and more info.
