Knoppix-NSM removes complexity of Snort-based network security monitoring


This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."


Sguil. SourceForge.Net describes Sguil as "built by network security analysts for network security analysts." Its goal is to be the only console an NSM practitioner needs, and its adoption continues to grow, as evidenced by ongoing feature additions (such as Modsec2sguil) and the NSMWiki. Some find Sguil a challenge to install, configure and stabilize, but Knoppix-NSM eliminates those issues by offering a fully configured instance that is ready for immediate analysis. Web-based consoles typically display alerts by count rather than by severity, which is a real problem when a highly critical alert fires only once or twice. Sguil has no such shortcoming because "access to each sort of data is immediate and interconnected, allowing fast retrieval of pertinent information," wrote Bejtlich in The Tao of Network Security Monitoring.

Unlike Web-based consoles like BASE, Sguil is fast and makes it easy to spot potentially dangerous events.
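As an added illustration (not code from the article, Sguil or Knoppix-NSM), the following Python sketch parses constructed Snort fast-format alert lines and ranks signatures two ways: the count-first view a typical web console shows buries a priority-1 alert that fired once, while a severity-first view surfaces it. Signature IDs, messages, timestamps and addresses are constructed sample data.

```python
import re

# Matches the "[**] [gid:sid:rev] msg [**] ... [Priority: n]" fields of Snort fast-format alerts.
FAST_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\]"
)

def fast_line(ts, sid, msg, cls, prio, src, dst):
    """Build one constructed alert line in Snort fast format (sample data, not real traffic)."""
    return (f"10/15-{ts}  [**] [1:{sid}:1] {msg} [**] [Classification: {cls}] "
            f"[Priority: {prio}] {{TCP}} {src} -> {dst}")

# Constructed sample: a noisy low-priority scan signature firing three times
# and a single high-priority signature firing once. SIDs are in the local-rule range.
SAMPLE_ALERTS = [
    fast_line("14:22:01.000001", 1000001, "LOCAL port sweep", "Attempted Information Leak", 3, "10.0.0.5:54321", "10.0.0.9:22"),
    fast_line("14:22:02.000001", 1000001, "LOCAL port sweep", "Attempted Information Leak", 3, "10.0.0.5:54322", "10.0.0.9:23"),
    fast_line("14:22:03.000001", 1000001, "LOCAL port sweep", "Attempted Information Leak", 3, "10.0.0.5:54323", "10.0.0.9:25"),
    fast_line("14:23:10.000001", 1000002, "LOCAL shell spawned by web server", "Successful Administrator Privilege Gain", 1, "10.0.0.9:80", "10.0.0.5:4444"),
]

def parse_alert(line):
    """Return (sid, msg, priority) for one fast-format line, or None if it does not match."""
    m = FAST_RE.search(line)
    if not m:
        return None
    return m.group("sid"), m.group("msg"), int(m.group("prio"))

def summarize(lines):
    """Group alerts by SID: {sid: {"msg": ..., "priority": ..., "count": ...}}."""
    summary = {}
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue  # skip lines that are not alerts (blank, truncated, or other log output)
        sid, msg, prio = parsed
        entry = summary.setdefault(sid, {"msg": msg, "priority": prio, "count": 0})
        entry["count"] += 1
    return summary

def rank_by_count(lines):
    """Count-first ordering, as a typical web console presents it: noisy signatures float to the top."""
    s = summarize(lines)
    return sorted(s, key=lambda sid: -s[sid]["count"])

def rank_by_priority(lines):
    """Severity-first ordering: Snort priority 1 is the highest, so sort ascending, then by count."""
    s = summarize(lines)
    return sorted(s, key=lambda sid: (s[sid]["priority"], -s[sid]["count"]))
```

Calling `rank_by_count(SAMPLE_ALERTS)` lists the scan signature first and the single privilege-gain alert last, while `rank_by_priority(SAMPLE_ALERTS)` puts the priority-1 alert at the top despite its count of one.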


This was first published in October 2007
