
What extra functionality do Snort add-ons provide?

While Snort is a powerful intrusion detection system out of the box, Snort add-ons such as Sguil can provide important new functionality.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va., and blogs at .

Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

Snort is a fantastic detection engine, but interpreting the default output (text files of alerts and libpcap traces of offending packets) is not for the faint of heart. I recommend anyone who wants to fully leverage Snort to investigate a Snort add-on such as Bamm Visscher's Sguil suite. Sguil is an interface to Snort alerts, but it supplements Snort alerts with session data collected by John Curry's SANCP program and full content data collected by a variety of sources. Once you've tried Sguil, you will wonder how you ever detected and responded to intrusions without it.
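To make concrete what the alert-to-session join described above buys an analyst, here is an added example. It is not code from Sguil, Snort or SANCP: it parses Snort's fast-format alert lines, joins each alert to the session record that covers the same 5-tuple and time window, and emits the tcpdump filter that would pull that session's full content out of a continuous packet capture. The alert lines follow Snort's real fast-alert syntax; the session records use a simplified pipe-delimited layout of my own that stands in for SANCP output, and every sample line is constructed. The `year` argument exists because Snort's fast alerts carry no year in their timestamp.

```python
"""Join Snort fast-format alerts to session records by 5-tuple and time, then
build the tcpdump filter that would fetch the session's full content.
Added example with constructed data; the session layout is a simplified
stand-in for SANCP's output, not its real format."""
import re
from datetime import datetime, timedelta

# Snort 2.x "fast" alert line; ports are optional because ICMP alerts carry none.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}
PROTO_NAME = {v: k.lower() for k, v in PROTO_NUM.items()}

def parse_alert(line, year):
    """Parse one alert. Snort omits the year, so the caller supplies it."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    d = m.groupdict()
    return {
        "time": datetime.strptime(f"{year}/{d['ts']}", "%Y/%m/%d-%H:%M:%S.%f"),
        "sid": int(d["sid"]), "msg": d["msg"], "priority": int(d["prio"]),
        "proto": PROTO_NUM[d["proto"].upper()],
        "src": d["src"], "sport": int(d["sport"]) if d["sport"] else None,
        "dst": d["dst"], "dport": int(d["dport"]) if d["dport"] else None,
    }

def parse_session(line):
    """Constructed record: start|end|proto|src|sport|dst|dport|src_pkts|src_bytes|dst_pkts|dst_bytes."""
    f = line.strip().split("|")
    if len(f) != 11:
        raise ValueError(f"bad session record: {line!r}")
    fmt = "%Y-%m-%d %H:%M:%S"
    return {"start": datetime.strptime(f[0], fmt), "end": datetime.strptime(f[1], fmt),
            "proto": int(f[2]), "src": f[3], "sport": int(f[4]), "dst": f[5], "dport": int(f[6]),
            "src_pkts": int(f[7]), "src_bytes": int(f[8]), "dst_pkts": int(f[9]), "dst_bytes": int(f[10])}

def match_direction(alert, sess):
    """'forward' if the alerting packet went initiator->responder, 'reverse' if it was
    the responder's reply (typical for attack-response signatures), None if no match.
    Port-less alerts (ICMP) match on addresses and protocol only."""
    if alert["proto"] != sess["proto"]:
        return None
    fwd = alert["src"] == sess["src"] and alert["dst"] == sess["dst"]
    rev = alert["src"] == sess["dst"] and alert["dst"] == sess["src"]
    if alert["sport"] is not None:
        fwd = fwd and (alert["sport"], alert["dport"]) == (sess["sport"], sess["dport"])
        rev = rev and (alert["sport"], alert["dport"]) == (sess["dport"], sess["sport"])
    return "forward" if fwd else "reverse" if rev else None

def correlate(alert_lines, session_lines, year, slack=timedelta(seconds=1)):
    """For every alert, return the sessions whose 5-tuple matches and whose lifetime
    covers the alert time. `slack` absorbs the one-second session clock vs. the
    microsecond alert clock."""
    sessions = [parse_session(l) for l in session_lines if l.strip()]
    hits = []
    for line in alert_lines:
        if not line.strip():
            continue
        a = parse_alert(line, year)
        for s in sessions:
            direction = match_direction(a, s)
            if direction and s["start"] - slack <= a["time"] <= s["end"] + slack:
                hits.append({"sid": a["sid"], "msg": a["msg"], "alert_time": a["time"],
                             "direction": direction, "session": s})
    return hits

def bpf_for_session(sess):
    """tcpdump/BPF filter selecting this session's packets from a full-content capture."""
    expr = f"{PROTO_NAME[sess['proto']]} and host {sess['src']} and host {sess['dst']}"
    if sess["proto"] != 1:
        expr += f" and port {sess['sport']} and port {sess['dport']}"
    return expr

# Constructed sample data (not real traffic); SIDs are in the local-rule range.
ALERTS = """\
01/15-10:23:45.123456  [**] [1:1000001:1] LOCAL id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:22 -> 10.0.0.5:54321
01/15-10:24:02.000001  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
""".splitlines()
SESSIONS = """\
2009-01-15 10:23:40|2009-01-15 10:25:10|6|10.0.0.5|54321|192.168.1.10|22|40|3200|60|51000
2009-01-15 10:24:01|2009-01-15 10:24:05|1|10.0.0.5|0|192.168.1.10|0|1|84|1|84
2009-01-15 09:00:00|2009-01-15 09:00:05|6|10.0.0.7|40000|192.168.1.10|22|5|300|4|200
""".splitlines()

if __name__ == "__main__":
    for h in correlate(ALERTS, SESSIONS, year=2009):
        s = h["session"]
        print(f"sid {h['sid']} fired on the {h['direction']} leg of {s['src']}:{s['sport']} -> "
              f"{s['dst']}:{s['dport']} ({s['src_bytes']}B out, {s['dst_bytes']}B back)")
        print("  full content:", bpf_for_session(s))
```

The `direction` field is the point of the exercise: the first constructed alert fires on the server's reply (port 22 is the source), so the alert text alone names the victim as "source" and the attacker as "destination". The session record restores the real initiator and shows 51,000 bytes came back from the server during that connection, and the generated filter is what you would hand to tcpdump to read the transcript. That alert-plus-session-plus-full-content view is what Sguil assembles for you.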
