Sguil (pronounced ''sgweel'' or ''squeal'') is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts.
The Sguil client is written in Tcl/Tk and can be run on any operating system that supports them. Sguil integrates alert data from Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode, which writes the raw packets to disk rather than evaluating rules against them.
Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
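As an added illustration of the alert/session/full-content pivot described above (example code written for this page, not part of the Sguil project): the script parses Snort "fast" alert lines, looks up session records by 5-tuple and time window, and points at the packet-log file and tcpdump filter that would carve out the session's full content, then escalates only alerts backed by a two-way session. Only the Snort fast-alert syntax and the snort.log.<epoch> naming of packet logger output are real; the session-record layout, the log directory /nsm/pcap, and every sample alert, flow and timestamp are constructed assumptions.

```python
"""Added example (not Sguil's own code): the alert -> session -> full-content
pivot a Sguil analyst performs, run on constructed data. Alert lines follow
Snort's 'fast' alert format; session records and packet-log file names are
simplified stand-ins, not SANCP's real schema or Sguil's storage layout."""
import calendar
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Snort "fast" alert line; ports are optional so ICMP alerts parse too.
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")

Alert = NamedTuple("Alert", [("ts", datetime), ("sid", int), ("msg", str),
                             ("priority", int), ("proto", str), ("src", str),
                             ("sport", Optional[int]), ("dst", str), ("dport", Optional[int])])
# Constructed flow record; SANCP's real output has more fields (flags, packet counts, ...).
Session = NamedTuple("Session", [("start", datetime), ("stop", datetime), ("proto", str),
                                 ("src", str), ("sport", Optional[int]), ("dst", str),
                                 ("dport", Optional[int]), ("src_bytes", int), ("dst_bytes", int)])


def parse_fast_alert(line: str, year: int) -> Alert:
    """Fast alerts carry no year, so the caller supplies it."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        raise ValueError(f"not a Snort fast alert: {line!r}")
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    port = lambda g: int(m[g]) if m[g] else None
    return Alert(ts, int(m["sid"]), m["msg"], int(m["prio"] or 0), m["proto"],
                 m["src"], port("sport"), m["dst"], port("dport"))


def matching_sessions(alert: Alert, sessions: List[Session],
                      slack: timedelta = timedelta(seconds=5)) -> List[Session]:
    """Sessions with the alert's 5-tuple in either direction (many rules fire on
    the server's reply) whose lifetime brackets the alert time. The time check is
    essential: ephemeral ports get reused, so the tuple alone also hits old flows."""
    fwd = (alert.src, alert.sport, alert.dst, alert.dport)
    rev = (alert.dst, alert.dport, alert.src, alert.sport)
    return [s for s in sessions if s.proto == alert.proto
            and (s.src, s.sport, s.dst, s.dport) in (fwd, rev)
            and s.start - slack <= alert.ts <= s.stop + slack]


def packet_log_for(session: Session, log_starts: List[int],
                   logdir: str = "/nsm/pcap") -> Optional[str]:
    """Snort in packet logger mode (-b) names each binary log snort.log.<epoch>
    after the second it was opened, so the file open when the session began holds
    its packets. Times are taken as UTC; the directory is an assumed layout."""
    begin = calendar.timegm(session.start.timetuple())
    opened = [t for t in log_starts if t <= begin]
    return f"{logdir}/snort.log.{max(opened)}" if opened else None


def bpf_for(session: Session) -> str:
    """tcpdump/BPF filter that carves this one session out of the packet log."""
    parts = [session.proto.lower(), f"host {session.src}", f"host {session.dst}"]
    if session.sport is not None and session.dport is not None:
        parts += [f"port {session.sport}", f"port {session.dport}"]
    return " and ".join(parts)


def triage(lines: List[str], sessions: List[Session], log_starts: List[int],
           year: int) -> List[dict]:
    """Collection -> analysis -> escalation: an alert backed by a two-way session
    is escalated with pointers into full content; anything else needs a closer look."""
    events = []
    for a in (parse_fast_alert(ln, year) for ln in lines):
        hits = matching_sessions(a, sessions)
        two_way = any(s.src_bytes and s.dst_bytes for s in hits)
        events.append({"sid": a.sid, "msg": a.msg, "priority": a.priority,
                       "status": "escalate" if two_way else "unconfirmed (one-way or no session)",
                       "pcaps": [(packet_log_for(s, log_starts), bpf_for(s)) for s in hits]})
    return events


# Constructed sample input, not taken from a real sensor.
T = lambda hms: datetime.strptime("2024-03-14 " + hms, "%Y-%m-%d %H:%M:%S")
SAMPLE_ALERTS = [
    "03/14-10:22:05.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.7:51234",
    "03/14-10:30:41.000001  [**] [1:1000001:1] LOCAL test rule [**] [Priority: 3] "
    "{UDP} 198.51.100.9:53000 -> 192.0.2.53:53",
    "03/14-10:31:00.500000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] "
    "[Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10",
]
SAMPLE_SESSIONS = [  # same TCP 4-tuple twice: only the second is alive at alert time
    Session(T("09:10:00"), T("09:10:05"), "TCP", "198.51.100.7", 51234, "192.0.2.10", 80, 300, 900),
    Session(T("10:22:03"), T("10:22:09"), "TCP", "198.51.100.7", 51234, "192.0.2.10", 80, 412, 1830),
    Session(T("10:31:00"), T("10:31:00"), "ICMP", "198.51.100.9", None, "192.0.2.10", None, 84, 0),
]
SAMPLE_LOG_STARTS = [1710406800, 1710410400, 1710414000]  # 09:00, 10:00, 11:00 UTC that day

if __name__ == "__main__":
    for event in triage(SAMPLE_ALERTS, SAMPLE_SESSIONS, SAMPLE_LOG_STARTS, 2024):
        print(event)
```

Run stand-alone it prints one event per alert. The sample deliberately includes two flows with the same TCP 4-tuple; only the one whose lifetime covers the alert timestamp is returned, which is why the session lookup keys on time as well as addresses and ports. The ICMP alert matches a session but is not escalated because no reply bytes were recorded.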
Sguil is released under the GPL 3.0, according to the README file in the tarball.
Tools that make up Sguil
See also
* Sagan
* Intrusion detection system (IDS)
* Intrusion prevention system (IPS)
* Network intrusion detection system (NIDS)
* Metasploit Project
* nmap
* Host-based intrusion detection system comparison
References
External links
Sguil Homepage
Computer network security
Linux security software
Free network management software
Software that uses Tk (software)
{{security-software-stub}}