What extra functionality do Snort add-ons provide?

While Snort is a powerful intrusion detection system out of the box, Snort add-ons such as Sguil can provide important new functionality.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

Snort is a fantastic detection engine, but interpreting the default output (text files of alerts and Libpcap traces of offending packets) is not for the faint of heart. I recommend anyone who wants to fully leverage Snort to investigate a Snort add-on such as Bamm Visscher's Sguil suite. Sguil is an interface to Snort alerts, but it supplements Snort alerts with session data collected by John Curry's SANCP program and full content data collected by a variety of sources. Once you've tried Sguil, you will wonder how you ever detected and responded to intrusions without it.
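To make the gap between raw alert output and Sguil-style context concrete, the following is an added example (not code from the article, Snort or Sguil): it parses Snort's text "alert_fast" line format and joins each alert to a session record by its 5-tuple, the kind of enrichment Sguil performs with SANCP data. The session record layout is a constructed simplification, not SANCP's real column format.

```python
import re
from typing import Dict, List, Optional

# Snort alert_fast output: one line per alert, no session or content context.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_alert(line: str) -> Optional[Dict]:
    """Turn one alert_fast line into a dict; None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        d[k] = int(d[k])
    for k in ("sport", "dport"):  # ICMP alerts carry no ports
        d[k] = int(d[k]) if d[k] is not None else None
    return d

# Constructed session records in a simplified SANCP-like shape (assumption,
# not SANCP's real layout): one row per flow with byte counts per direction.
SESSIONS = [
    {"proto": "TCP", "src": "192.168.1.10", "sport": 4444, "dst": "10.0.0.5",
     "dport": 80, "src_bytes": 812, "dst_bytes": 40213},
    {"proto": "TCP", "src": "192.168.1.10", "sport": 4445, "dst": "10.0.0.5",
     "dport": 443, "src_bytes": 520, "dst_bytes": 0},
]

def find_session(alert: Dict, sessions: List[Dict]) -> Optional[Dict]:
    """Match the alert's 5-tuple against session rows, in either direction."""
    fwd = (alert["proto"], alert["src"], alert["sport"], alert["dst"], alert["dport"])
    rev = (alert["proto"], alert["dst"], alert["dport"], alert["src"], alert["sport"])
    for s in sessions:
        if (s["proto"], s["src"], s["sport"], s["dst"], s["dport"]) in (fwd, rev):
            return s
    return None

# Constructed sample alert using a local-rule SID, not a real ruleset signature.
SAMPLE_ALERT = ("01/15-10:23:45.123456  [**] [1:1000001:1] CONSTRUCTED TEST http request "
                "[**] [Classification: Attempted Information Leak] [Priority: 2] "
                "{TCP} 192.168.1.10:4444 -> 10.0.0.5:80")

def enrich(line: str, sessions: List[Dict] = SESSIONS) -> Optional[Dict]:
    """Alert plus the session it belongs to: the context Sguil adds to raw alerts."""
    alert = parse_alert(line)
    if alert is not None:
        alert["session"] = find_session(alert, sessions)
    return alert
```

The joined session tells an analyst whether the flagged request actually completed and how much data moved, which a bare alert line cannot.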

This was last published in January 2008
