Sguil (pronounced ''sgweel'' or ''squeal'') is a collection of free
software
Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work.
...
components for
Network Security Monitoring (NSM) and event driven analysis of
IDS alerts.
The sguil client is written in
Tcl
TCL or Tcl or TCLs may refer to:
Business
* TCL Technology, a Chinese consumer electronics and appliance company
**TCL Electronics, a subsidiary of TCL Technology
* Texas Collegiate League, a collegiate baseball league
* Trade Centre Limited ...
/
Tk and can be run on any operating system that supports these. Sguil integrates alert data from
Snort, session data from SANCP, and full content data from a second instance of Snort running in packet logger mode.
Sguil is an implementation of a Network Security Monitoring system. NSM is defined as "collection, analysis, and escalation of indications and warnings to detect and respond to intrusions."
Sguil is released under the GPL 3.0.
[README file in the tarball]
Tools that make up Sguil
See also
*
Sagan
*
Intrusion detection system
An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
(IDS)
*
Intrusion prevention system
An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
(IPS)
*
Network intrusion detection system
An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
(NIDS)
*
Metasploit Project
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
I ...
*
nmap
Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Nmap provide ...
*
Host-based intrusion detection system comparison Comparison of host-based intrusion detection system components and systems.
Free and open-source software
As per the Unix philosophy a good HIDS is composed of multiple packages each focusing on a specific aspect.
Proprietary software
Proprie ...
References
External links
Sguil Homepage
Computer network security
Linux security software
Free network management software
Software that uses Tk (software)
{{security-software-stub