Sguil
Sguil (pronounced sgweel) is an analyst console for network security monitoring.

Sguil consists of three main components: a plugin to barnyard (op_sguil), a GUI server (sguild), and a GUI client (sguil.tk).

A sguil system is composed of a single sguil server and an arbitrary number of sguil network sensors. The sensors perform all the security monitoring tasks and feed information back to the server on a regular basis. The server coordinates this information, stores it in a database, and communicates with sguil clients running on administrators' desktop machines.

Features include:
- Provides a graphical interface to snort, an open source intrusion detection system
- Ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information
- Functions as an analysis interface (has no snort sensor or rule management capabilities)

Last Updated Sunday, March 04 2012 @ 12:36 PM EST