Sguil
Sguil is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts. The Sguil client is written in Tcl/Tk and can be run on any operating system that supports Tcl/Tk. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.

Sguil is an implementation of a Network Security Monitoring (NSM) system. Richard Bejtlich and Bamm "qru" Visscher define an NSM as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
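The pivot an analyst performs in an NSM system of this kind, from an IDS alert to the session record for the same connection and on to the full-content capture that holds its packets, as an added example that is not part of the original article or of Sguil's own code. The alert line follows Snort's "fast" alert layout; the session records are a simplified, hypothetical stand-in for SANCP output (real SANCP records carry more columns), and the capture file index is constructed.

```python
import re

# Constructed sample data, not taken from the article: one Snort fast-alert
# style line, simplified SANCP-like session records, and an index of the
# full-content capture files written by the packet-logging Snort instance.
ALERT_LINE = ('06/18-14:32:07.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check '
              'returned root [**] [Priority: 1] {TCP} 203.0.113.5:80 -> 192.0.2.10:51234')
SESSIONS = [  # hypothetical fields; real SANCP output has more columns
    {'proto': 'TCP', 'src': '192.0.2.10', 'sport': 51234, 'dst': '203.0.113.5', 'dport': 80,
     'start': '06/18-14:32:01', 'end': '06/18-14:32:09', 'src_bytes': 312, 'dst_bytes': 4821},
    {'proto': 'TCP', 'src': '192.0.2.10', 'sport': 51240, 'dst': '198.51.100.7', 'dport': 443,
     'start': '06/18-14:33:15', 'end': '06/18-14:33:20', 'src_bytes': 900, 'dst_bytes': 7000},
]
PCAP_INDEX = [  # hypothetical hourly capture files from the packet-logger sensor
    {'start': '06/18-13:00:00', 'end': '06/18-14:00:00', 'path': '/nsm/sensor1/snort.log.1300'},
    {'start': '06/18-14:00:00', 'end': '06/18-15:00:00', 'path': '/nsm/sensor1/snort.log.1400'},
]

ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?'
    r'\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$')

def parse_alert(line):
    """Parse one Snort fast-alert line into a dict; return None if it does not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d['sport'], d['dport'] = int(d['sport']), int(d['dport'])
    return d

def same_flow(alert, sess):
    """True if the session is the same connection as the alert, in either direction."""
    if alert['proto'] != sess['proto']:
        return False
    fwd = (alert['src'], alert['sport'], alert['dst'], alert['dport'])
    rev = (alert['dst'], alert['dport'], alert['src'], alert['sport'])
    return (sess['src'], sess['sport'], sess['dst'], sess['dport']) in (fwd, rev)

def correlate(line, sessions=SESSIONS, pcaps=PCAP_INDEX):
    """Pivot from an alert to its session record(s) and the capture file covering its time.
    Snort's MM/DD-HH:MM:SS timestamps compare correctly as strings within a single year."""
    alert = parse_alert(line)
    if alert is None:
        return None
    ts = alert['ts']
    hits = [s for s in sessions if same_flow(alert, s) and s['start'] <= ts <= s['end']]
    capture = [p['path'] for p in pcaps if p['start'] <= ts < p['end']]
    return {'alert': alert, 'sessions': hits, 'pcap': capture}
```

The session record tells the analyst how much data moved in each direction around the alert, and the capture path is where the packet content for that window can be retrieved for review.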

What makes Sguil particularly interesting is that it is a suite of tools that can serve as the foundation of an organization's Security Operations Center (SOC).

See also

  • Snort
  • Intrusion detection system (IDS)
  • Intrusion prevention system (IPS)
  • Network intrusion detection system (NIDS)
  • Metasploit Project
  • nmap
  • Wireshark
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.