Sguil

Sguil
Original author(s)	Bamm Visscher, Steve Halligan
Stable release	0.9.0 / April 4, 2014; 10 years ago
Written in	Tcl/Tk
Operating system	Cross-platform
Type	Network Security Monitoring
License	GPLv3
Website	sguil.sourceforge.net

Short description: Network management software

Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts.^[2] The sguil client is written in Tcl/Tk^[3]^[2] and can be run on any operating system that supports these. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.

Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."

Sguil is released under the GPL 3.0.^[4]

Tools that make up Sguil

Tool	Purpose
MySQL 4.x or 5.x	Data storage and retrieval
Snort 2.x / Suricata	Intrusion detection alerts, scan detection, packet logging
Barnyard / Barnyard2	Decodes IDS alerts and sends them to sguil
SANCP	TCP/IP session records
Tcpflow	Extract an ASCII dump of a given TCP session
p0f	Operating system fingerprinting
tcpdump	Extracts individual sessions from packet logs
Wireshark	Packet analysis tool (used to be called Ethereal)

^[5]

References

↑ Squil downloads
↑ ^2.0 ^2.1 Lockhart, Andrew (9 November 2006). "11: Network Intrusion Detection". Network Security Hacks (2nd ed.). O'Reilly Media. Hack 108 - Monitor Your IDS in Real Time - Use Sguil's advanced GUI to monitor and analyze IDS events in a timely manner. ISBN 978-0596527631.
↑ Bejtlich, Richard (5 August 2013). The Practice of Network Security Monitoring: Understanding Incident Detection and Response (1st ed.). No Starch Press. ISBN 978-1593275099.
↑ README file in the tarball
↑ Cox, Kerry; Gerg, Christopher (February 2009). "13: Strategies for High-Bandwidth Implementations of Snort". Managing Security with Snort & IDS Tools - Intrusion Detection with Open Source Tools. O'Reilly Media. p. 223. Sguil: An alternative Management Console. ISBN 978-0596006617.

External links

Sguil Homepage

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Sguil. Read more

[1] Squil downloads

[NHS-2] 2.0 ^2.1 Lockhart, Andrew (9 November 2006). "11: Network Intrusion Detection". Network Security Hacks (2nd ed.). O'Reilly Media. Hack 108 - Monitor Your IDS in Real Time - Use Sguil's advanced GUI to monitor and analyze IDS events in a timely manner. ISBN 978-0596527631.

[RJ1-3] Bejtlich, Richard (5 August 2013). The Practice of Network Security Monitoring: Understanding Incident Detection and Response (1st ed.). No Starch Press. ISBN 978-1593275099.

[4] README file in the tarball

[CoxGerg-5] Cox, Kerry; Gerg, Christopher (February 2009). "13: Strategies for High-Bandwidth Implementations of Snort". Managing Security with Snort & IDS Tools - Intrusion Detection with Open Source Tools. O'Reilly Media. p. 223. Sguil: An alternative Management Console. ISBN 978-0596006617.

[1]

[2]

[3]

[4]

[5]

Sguil

Topic: Software

Contents

Tools that make up Sguil

See also

References

External links