Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event-driven analysis. The Sguil client is written in Tcl/Tk and can be run on any operating system that supports Tcl/Tk (including Linux, *BSD, Solaris, MacOS, and Win32).
What's New in This Release:
· It has been a couple of years of changes and bugfixes since the last release.
· The biggest change is the replacement of the sensor agent with individual components for each collection type. The new agents are called snort_agent.tcl, pcap_agent.tcl, and sancp_agent.tcl. By splitting out the agents, collection for these different data types can be placed on separate hardware and still be correlated via their "NET_NAME".
· A new collection agent for PADS is also included in this release although it is still considered beta.
· Also included is an example_agent.tcl script that documents how custom agents can be created.
· Other agents have been written for ModSecurity and OSSEC.
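The point of splitting the sensor agent into per-data-type agents is that alert, session and full-content collection can live on different hosts yet still be tied back together by a shared NET_NAME. The following is an added example, not Sguil's own code or its database/wire format: it models that correlation step in Python with constructed records (the Alert, Session and PcapWindow types, field names and the sample data are all assumptions made for illustration). It also shows why NET_NAME matters rather than the 5-tuple alone: two monitored networks can carry identical 5-tuples (NAT, overlapping address space), and an analyst would otherwise attach the wrong session to an alert.

```python
"""Correlate events from separate collection agents by NET_NAME.

Added example (not Sguil code). Models the architecture described in the
release notes: an IDS agent, a session agent and a pcap agent report
independently and are joined on NET_NAME + 5-tuple + time. All record
shapes and sample data below are constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class Alert:
    """One IDS alert as an alert-collection agent might report it (constructed)."""
    net_name: str
    ts: datetime
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    sig: str


@dataclass(frozen=True)
class Session:
    """One flow record as a session-collection agent might report it (constructed)."""
    net_name: str
    start: datetime
    end: datetime
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    bytes_src: int
    bytes_dst: int


@dataclass(frozen=True)
class PcapWindow:
    """Time range for which a pcap agent on a given NET_NAME can serve packets (constructed)."""
    net_name: str
    start: datetime
    end: datetime


def matching_session(alert: Alert, sessions: List[Session],
                     slack: timedelta = timedelta(seconds=5)) -> Optional[Session]:
    """Return the session on the same NET_NAME whose 5-tuple matches the alert and
    whose lifetime (widened by `slack` to absorb clock skew between hosts) covers it."""
    key = (alert.src, alert.sport, alert.dst, alert.dport, alert.proto)
    for s in sessions:
        if s.net_name != alert.net_name:
            continue  # same 5-tuple on another monitored network is a different flow
        if (s.src, s.sport, s.dst, s.dport, s.proto) != key:
            continue
        if s.start - slack <= alert.ts <= s.end + slack:
            return s
    return None


def pcap_available(alert: Alert, windows: List[PcapWindow]) -> bool:
    """True if some pcap agent for this NET_NAME holds packets covering the alert time."""
    return any(w.net_name == alert.net_name and w.start <= alert.ts <= w.end
               for w in windows)


def correlate(alerts: List[Alert], sessions: List[Session],
              windows: List[PcapWindow]) -> List[dict]:
    """Per alert: the matched session's byte total (None if none) and pcap availability."""
    views = []
    for a in alerts:
        s = matching_session(a, sessions)
        views.append({
            "net_name": a.net_name,
            "sig": a.sig,
            "session_bytes": (s.bytes_src + s.bytes_dst) if s else None,
            "pcap": pcap_available(a, windows),
        })
    return views


# Constructed sample data: two networks carrying the same 5-tuple at the same time.
T0 = datetime(2009, 1, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert("dmz", T0 + timedelta(seconds=10), "10.0.0.5", 40000, "10.0.0.9", 80, 6, "ET WEB test"),
    Alert("corp", T0 + timedelta(seconds=10), "10.0.0.5", 40000, "10.0.0.9", 80, 6, "ET WEB test"),
    Alert("dmz", T0 + timedelta(seconds=10), "10.0.0.5", 40001, "10.0.0.9", 80, 6, "orphan"),
]
SAMPLE_SESSIONS = [
    Session("dmz", T0, T0 + timedelta(seconds=30), "10.0.0.5", 40000, "10.0.0.9", 80, 6, 500, 2000),
    Session("corp", T0 + timedelta(seconds=5), T0 + timedelta(seconds=20),
            "10.0.0.5", 40000, "10.0.0.9", 80, 6, 100, 100),
]
SAMPLE_WINDOWS = [PcapWindow("dmz", T0 - timedelta(hours=1), T0 + timedelta(hours=1))]

if __name__ == "__main__":
    for view in correlate(SAMPLE_ALERTS, SAMPLE_SESSIONS, SAMPLE_WINDOWS):
        print(view)
```

Running it shows the dmz alert joined to the 2500-byte dmz session with packets available, the corp alert joined to its own 200-byte session with no pcap coverage (no pcap agent window for corp), and the third alert left without a session because its source port matches nothing. The `slack` parameter is where a deployment with agents on separate hardware should account for clock drift between hosts.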