Sguil: Difference between revisions
Revision as of 17:04, 6 June 2016
Author: Kustas Kurval
Cyber Security Engineering C11
Written 06.06.2016
Introduction
This tutorial was made to introduce Sguil. Sguil (pronounced sgweel) is built by network security analysts for network security analysts. It is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts. Sguil's main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event-driven analysis.
The Sguil client is written in Tcl/Tk and can be run on any operating system that supports Tcl/Tk (including Linux, *BSD, Solaris, MacOS, and Win32).
It is provided under the Q Public License.
Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.
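The alert-to-session pivot that this integration enables, as an added example that is not part of the original tutorial or of Sguil itself: a Snort fast-format alert is parsed, then matched against session records by flow (in either direction) and by time. The session record layout here is a simplified pipe-delimited format of my own, not guaranteed to match SANCP's real output, and all sample alert and session lines are constructed.

```python
import re
from datetime import datetime, timedelta
# Snort "fast" alert line (Snort's real one-line format; the sample lines below are constructed).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.+?) \[\*\*\] .*?\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")

def parse_alert(line, year):
    """Parse one fast-alert line; Snort omits the year, so the caller supplies it."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort fast alert: %r" % line)
    a = m.groupdict()
    a["time"] = datetime.strptime("%d/%s" % (year, a["ts"]), "%Y/%m/%d-%H:%M:%S.%f")
    a["sport"], a["dport"] = int(a["sport"] or 0), int(a["dport"] or 0)  # ICMP alerts carry no ports
    return a

# Session record: id|start|stop|proto|src_ip|src_port|dst_ip|dst_port|src_pkts|src_bytes|dst_pkts|dst_bytes
# (assumption: a simplified pipe-delimited layout; SANCP's actual field order may differ)
def parse_session(line):
    f = line.strip().split("|")
    fmt = "%Y-%m-%d %H:%M:%S"
    return {"id": f[0], "start": datetime.strptime(f[1], fmt), "stop": datetime.strptime(f[2], fmt),
            "proto": f[3], "src": f[4], "sport": int(f[5]), "dst": f[6], "dport": int(f[7]),
            "src_bytes": int(f[9]), "dst_bytes": int(f[11])}

def pivot(alert, sessions, slack=timedelta(seconds=5)):
    """Sessions whose flow matches the alert in either direction and whose lifetime
    covers the alert time (plus `slack` to tolerate clock skew between sensor components)."""
    fwd = (alert["src"], alert["sport"], alert["dst"], alert["dport"])
    rev = (alert["dst"], alert["dport"], alert["src"], alert["sport"])
    hits = []
    for s in sessions:
        if s["proto"].upper() != alert["proto"].upper() or (s["src"], s["sport"], s["dst"], s["dport"]) not in (fwd, rev):
            continue
        if s["start"] - slack <= alert["time"] <= s["stop"] + slack:
            hits.append(s)
    return hits

# Constructed sample data: one alert on a server-to-client packet and three candidate sessions.
SAMPLE_ALERT = ("06/06-17:04:12.123456 [**] [1:1000001:1] LOCAL constructed test alert [**] "
                "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:80 -> 192.0.2.25:51234")
SAMPLE_SESSIONS = [
    "1|2016-06-06 17:03:58|2016-06-06 17:04:20|tcp|192.0.2.25|51234|203.0.113.7|80|6|480|5|2140",
    "2|2016-06-06 16:50:00|2016-06-06 16:50:03|tcp|192.0.2.25|51234|203.0.113.7|80|3|180|2|120",  # same flow, earlier: port reuse
    "3|2016-06-06 17:04:05|2016-06-06 17:04:30|tcp|192.0.2.26|40000|203.0.113.7|80|4|300|3|900",
]

def demo(year=2016):
    alert = parse_alert(SAMPLE_ALERT, year)
    return [s["id"] for s in pivot(alert, [parse_session(l) for l in SAMPLE_SESSIONS])]
```

Only session 1 is returned: session 2 reuses the same client port but ended long before the alert, and session 3 is a different client. The session's time bounds are what you would then use to carve the matching packets out of the full-content capture.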
In this introduction I will be covering Sguil on Xubuntu. You will need to know basic Linux syntax and terminology, some terminology concerning intrusion detection and prevention systems (IDPS), and basic networking.