This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
Sguil
Doug Burks edited this page Nov 30, 2015
·
33 revisions
-
Developed by Bamm Visscher:
http://sguil.net -
tcl/tk (not web-based)
-
Single central MySQL database
-
For login information, please see:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Passwords#sguil -
Data types:
- NIDS alerts from Snort/Suricata (if snort_agent is enabled)
- HIDS alerts from OSSEC (if ossec_agent is enabled)
- session data from PRADS (if PRADS and sancp_agent are enabled)
- asset data from PRADS (if PRADS and pads_agent are enabled)
- HTTP logs from Bro (if http_agent is enabled)
-
Can pivot to transcript/Wireshark/NetworkMiner by right-clicking the Alert ID field.
- Pivot to ELSA by right-clicking an IP address and choosing "ELSA IP Lookup".
-
You can change fonts by clicking File --> Change Font.
-
You can resize columns by right-clicking on the column heading.
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs