Sguil (pronounced sgweel or squeal) is a collection of free software components for Network Security Monitoring (NSM) and event-driven analysis of IDS alerts.
Tools that make up Sguil
{| class="wikitable"
|-
! Tool !! Purpose
|-
| MySQL 4.x or 5.x || Data storage and retrieval
|-
| Snort 2.x / Suricata || Intrusion detection alerts, scan detection, packet logging
|-
| Barnyard / Barnyard2 || Decodes IDS alerts and sends them to Sguil
|-
| SANCP || TCP/IP session records
|-
| Tcpflow || Extract an ASCII dump of a given TCP session
|-
| p0f || Operating system fingerprinting
|-
| tcpdump || Extracts individual sessions from packet logs
|-
| Wireshark || Packet analysis tool (used to be called Ethereal)
|}
External links
- Sguil Homepage
