What extra functionality do Snort add-ons provide?

While Snort is a powerful intrusion detection system out of the box, Snort add-ons such as Sguil can provide important new functionality.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at Bejtlich.net and TaoSecurity.com. Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

Snort is a fantastic detection engine, but interpreting its default output (text files of alerts and libpcap traces of the offending packets) is not for the faint of heart. I recommend that anyone who wants to fully leverage Snort investigate a Snort add-on such as Bamm Visscher's Sguil suite. Sguil is an interface to Snort alerts, but it supplements those alerts with session data collected by John Curry's SANCP program and with full content data collected from a variety of sources. Once you've tried Sguil, you will wonder how you ever detected and responded to intrusions without it.
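The answer above describes the core idea behind Sguil: an alert on its own says little, but an alert joined to the session it belongs to (duration, direction, byte counts) gives the analyst context. The script below is an added illustration of that join and is not code from the article, from Sguil or from SANCP. It parses lines in Snort's "alert_fast" output format (the layout is Snort's; the signature names, SIDs and addresses are constructed), reads a simplified, constructed CSV of session records standing in for what a session tool such as SANCP would provide (not SANCP's real record layout), and matches each alert to the session whose 5-tuple and time window contain it, in either direction. Snort fast alerts carry no year, so the example assumes one.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

YEAR = 2008  # assumed: Snort's fast alert format omits the year

# Constructed sample of Snort "alert_fast" output. The line layout is Snort's;
# the signatures, SIDs and addresses are made up for this example.
SNORT_ALERTS = """\
01/15-10:23:45.123456  [**] [1:9000001:2] CONSTRUCTED web server response anomaly [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:80 -> 10.0.0.5:51234
01/15-10:24:02.000100  [**] [1:9000002:1] CONSTRUCTED DNS query anomaly [**] [Priority: 3] {UDP} 10.0.0.7:53412 -> 198.51.100.2:53
01/15-10:25:10.500000  [**] [1:9000003:1] CONSTRUCTED ICMP probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 10.0.0.5
"""

# Constructed session records standing in for a session tool's output.
# Simplified CSV (not SANCP's real format):
# start,end,proto,src_ip,src_port,dst_ip,dst_port,src_bytes,dst_bytes
SESSIONS = """\
01/15-10:23:40.000000,01/15-10:23:47.900000,TCP,10.0.0.5,51234,192.0.2.10,80,612,48213
01/15-10:25:09.000000,01/15-10:25:11.000000,ICMP,203.0.113.9,0,10.0.0.5,0,84,0
"""

# Snort fast-alert line: timestamp, [gid:sid:rev], message, optional
# classification and priority, protocol, then src -> dst (ports absent for ICMP).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s+(?P<pri>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%m/%d-%H:%M:%S.%f").replace(year=YEAR)


@dataclass
class Alert:
    time: datetime
    sid: int
    msg: str
    priority: Optional[int]
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Session:
    start: datetime
    end: datetime
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    src_bytes: int
    dst_bytes: int


def parse_alerts(text: str) -> list:
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised alert line: {line!r}")
        alerts.append(Alert(
            time=parse_ts(m["ts"]), sid=int(m["sid"]), msg=m["msg"],
            priority=int(m["pri"]) if m["pri"] else None,
            proto=m["proto"].upper(),
            src=m["src"], sport=int(m["sport"] or 0),   # port 0 for ICMP
            dst=m["dst"], dport=int(m["dport"] or 0),
        ))
    return alerts


def parse_sessions(text: str) -> list:
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(",")
        sessions.append(Session(parse_ts(f[0]), parse_ts(f[1]), f[2].upper(),
                                f[3], int(f[4]), f[5], int(f[6]), int(f[7]), int(f[8])))
    return sessions


def same_flow(a: Alert, s: Session) -> bool:
    # A signature may fire on the client->server or the server->client half,
    # so compare the 5-tuple in both directions.
    fwd = (a.src, a.sport, a.dst, a.dport) == (s.src, s.sport, s.dst, s.dport)
    rev = (a.src, a.sport, a.dst, a.dport) == (s.dst, s.dport, s.src, s.sport)
    return a.proto == s.proto and (fwd or rev)


def correlate(alert_text: str, session_text: str) -> list:
    """Attach session context (if any) to each alert; None fields mean no session was found."""
    sessions = parse_sessions(session_text)
    out = []
    for a in parse_alerts(alert_text):
        match = next((s for s in sessions if same_flow(a, s) and s.start <= a.time <= s.end), None)
        out.append({
            "sid": a.sid, "msg": a.msg, "priority": a.priority,
            "session_found": match is not None,
            "duration_s": (match.end - match.start).total_seconds() if match else None,
            "bytes_total": (match.src_bytes + match.dst_bytes) if match else None,
        })
    return out


if __name__ == "__main__":
    for row in correlate(SNORT_ALERTS, SESSIONS):
        print(row)
```

With the constructed input, the first alert (which fired on the server-to-client half of a web session) is joined to a 7.9-second session carrying roughly 48 KB back to the client, the ICMP alert is joined to its two-second session, and the DNS alert has no session record at all. That last case is the one an analyst wants surfaced: an alert with no matching session usually means the session sensor missed the traffic or the sensors' clocks disagree, and either way the alert cannot be judged on its own.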

This was first published in January 2008
