Sguil. SourceForge.Net says Sguil is "built by network security analysts for network security analysts." Its goal is to be the only console an NSM practitioner needs, and its use continues to grow, as evidenced by ongoing feature enhancements (Modsec2sguil) and an NSMWiki. Some find Sguil a challenge to install, configure and stabilize, but Knoppix-NSM eliminates those issues by offering a fully configured instance ready for immediate analysis. Web-based consoles typically display alerts by count rather than severity, which is very problematic when a highly critical alert occurs only once or twice. Sguil has no such shortcoming because "access to each sort of data is immediate and interconnected, allowing fast retrieval of pertinent information," wrote Bejtlich in The Tao of Network Security Monitoring.
[IMAGE] Unlike Web-based consoles like BASE, Sguil is fast and makes it easy to spot potentially dangerous events.
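The count-versus-severity problem described above, as an added example that is not code from the article, from Sguil or from BASE: a small Python script that parses alerts in Snort's "fast" alert format, groups them by signature, and ranks the groups two ways. The sample alert lines are constructed for illustration (the sids are local-rule placeholders, not real rule ids), and the fast-format layout the regex assumes is an assumption of this example; a priority of 1 is treated as the most severe, as Snort does.

```python
"""Added example: why ranking alerts by count hides rare, high-priority events.

Parses constructed Snort fast-format alert lines, aggregates them per signature,
and compares a count-first ordering (what a count-driven console shows) with a
priority-first ordering.  Not code from Sguil or the article."""

import re

# Constructed sample alerts in Snort "fast" alert format (not real traffic; the
# sids 1000001-1000003 are local-rule placeholders, not real rule ids).
SAMPLE_ALERTS = """\
01/12-10:02:11.101010 [**] [1:1000001:1] LOCAL SCAN inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:41001 -> 192.168.1.10:22
01/12-10:02:12.101010 [**] [1:1000001:1] LOCAL SCAN inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:41002 -> 192.168.1.11:22
01/12-10:02:13.101010 [**] [1:1000001:1] LOCAL SCAN inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:41003 -> 192.168.1.12:22
01/12-10:02:14.101010 [**] [1:1000001:1] LOCAL SCAN inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:41004 -> 192.168.1.13:22
01/12-10:02:15.101010 [**] [1:1000001:1] LOCAL SCAN inbound SSH probe [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:41005 -> 192.168.1.14:22
01/12-10:03:01.202020 [**] [1:1000002:1] LOCAL POLICY cleartext FTP login [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 192.168.1.20:50120 -> 198.51.100.7:21
01/12-10:03:05.202020 [**] [1:1000002:1] LOCAL POLICY cleartext FTP login [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 192.168.1.21:50121 -> 198.51.100.7:21
01/12-10:03:09.202020 [**] [1:1000002:1] LOCAL POLICY cleartext FTP login [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 192.168.1.22:50122 -> 198.51.100.7:21
01/12-10:04:44.303030 [**] [1:1000003:1] LOCAL ATTACK-RESPONSE id check returned root [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.30:80 -> 203.0.113.9:55100
this line is not an alert and must be skipped by the parser
"""

# Assumed fast-format layout: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?\[Priority: (?P<pri>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)$"
)


def parse_alert(line):
    """Parse one fast-format line into a dict; return None for lines that do not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for field in ("gid", "sid", "rev", "pri"):
        a[field] = int(a[field])
    return a


def summarize(text):
    """Group alerts by (gid, sid): hit count, most severe priority seen, message, distinct source hosts."""
    summary = {}
    for line in text.splitlines():
        a = parse_alert(line)
        if a is None:
            continue  # unparseable line: skip rather than abort the whole batch
        key = (a["gid"], a["sid"])
        entry = summary.setdefault(key, {"msg": a["msg"], "count": 0, "pri": a["pri"], "srcs": set()})
        entry["count"] += 1
        entry["pri"] = min(entry["pri"], a["pri"])  # lower number = more severe
        entry["srcs"].add(a["src"].rsplit(":", 1)[0])
    return summary


def rank_by_count(summary):
    """Count-driven ordering: the noisiest signature first, a single critical hit last."""
    return [k for k, _ in sorted(summary.items(), key=lambda kv: -kv[1]["count"])]


def rank_by_priority(summary):
    """Severity-driven ordering: priority first, count only as a tiebreaker."""
    return [k for k, _ in sorted(summary.items(), key=lambda kv: (kv[1]["pri"], -kv[1]["count"]))]


if __name__ == "__main__":
    s = summarize(SAMPLE_ALERTS)
    for title, order in (("ranked by count", rank_by_count(s)), ("ranked by priority", rank_by_priority(s))):
        print(f"--- {title} ---")
        for key in order:
            e = s[key]
            print(f"sid {key[1]:<8} pri {e['pri']}  count {e['count']:<3} srcs {len(e['srcs']):<2} {e['msg']}")
```

Run stand-alone, the count-first listing puts the five-hit SSH probe at the top and the single priority-1 "id check returned root" alert at the bottom; the priority-first listing inverts that, which is the ordering an analyst needs when the one critical alert is the event that matters.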