Sguil Explained

Sguil
Author:Bamm Visscher, Steve Halligan
Latest Release Version:0.9.0[1]
Programming Language:Tcl/Tk
Operating System:Cross-platform
Genre:Network Security Monitoring
License:GPLv3

Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts. The sguil client is written in Tcl/Tk and can be run on any operating system that supports these. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.

Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."

Sguil is released under the GPL 3.0.[2]

Tools that make up Sguil

Tool Purpose
MySQL 4.x or 5.x Data storage and retrieval
Intrusion detection alerts, scan detection, packet logging
Barnyard / Barnyard2 Decodes IDS alerts and sends them to sguil
SANCP TCP/IP session records
Extract an ASCII dump of a given TCP session
Operating system fingerprinting
Extracts individual sessions from packet logs
Packet analysis tool (used to be called Ethereal)

See also

External links

Notes and References

  1. https://bammv.github.io/sguil/downloads.html Squil downloads
  2. README file in the tarball

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Sguil".

Except where otherwise indicated, Everything.Explained.Today is © Copyright 2009-2024, A B Cryer, All Rights Reserved. Cookie policy.