Software:Sguil

From HandWiki
Revision as of 11:13, 26 July 2022 by imported>Carolyn (linkage)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Network management software
Sguil
Original author(s)Bamm Visscher, Steve Halligan
Stable release
0.9.0[1] / April 4, 2014; 10 years ago (2014-04-04)
Written inTcl/Tk
Operating systemCross-platform
TypeNetwork Security Monitoring
LicenseGPLv3
Websitesguil.sourceforge.net

Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts.[2] The sguil client is written in Tcl/Tk[3][2] and can be run on any operating system that supports these. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.

Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."

Sguil is released under the GPL 3.0.[4]

Tools that make up Sguil

Tool Purpose
MySQL 4.x or 5.x Data storage and retrieval
Snort 2.x / Suricata Intrusion detection alerts, scan detection, packet logging
Barnyard / Barnyard2 Decodes IDS alerts and sends them to sguil
SANCP TCP/IP session records
Tcpflow Extract an ASCII dump of a given TCP session
p0f Operating system fingerprinting
tcpdump Extracts individual sessions from packet logs
Wireshark Packet analysis tool (used to be called Ethereal)

[5]

See also

References

  1. Squil downloads
  2. 2.0 2.1 Lockhart, Andrew (9 November 2006). "11: Network Intrusion Detection". Network Security Hacks (2nd ed.). O'Reilly Media. Hack 108 - Monitor Your IDS in Real Time - Use Sguil's advanced GUI to monitor and analyze IDS events in a timely manner. ISBN 978-0596527631. 
  3. Bejtlich, Richard (5 August 2013). The Practice of Network Security Monitoring: Understanding Incident Detection and Response (1st ed.). No Starch Press. ISBN 978-1593275099. 
  4. README file in the tarball
  5. Cox, Kerry; Gerg, Christopher (February 2009). "13: Strategies for High-Bandwidth Implementations of Snort". Managing Security with Snort & IDS Tools - Intrusion Detection with Open Source Tools. O'Reilly Media. p. 223. Sguil: An alternative Management Console. ISBN 978-0596006617. 

External links