For those who don't know what Sguil is: Sguil is a network monitoring system which captures packets and raises alerts based on signatures. What is the difference between Snort and Sguil? Well, Sguil has a GUI, which a network admin can easily use on a daily basis to check network traffic, alerts, etc.
So Sguil 0.7.0 is out; what are the differences from 0.6.1? Well, there are a few changes in the architecture. As far as I know, in version 0.6.1 there is no PADS in the sensor architecture, which has been added in version 0.7.0 for detecting services running on the network.
The workflow is quite the same as in version 0.6.1, I hope. I still haven't had time to try this one out, but from what I read on the Sguil website, there are a lot of interesting features added. I really need to give this a try.
Well, for those who would like to give it a try but don't know what Sguil is, please refer to the Sguil website before proceeding with the installation. Read the requirements and user guide carefully.