There are now two easy ways to get Sguil up and running: the VM (blogged previously) and InstantNSM, which is a bundling of the usual components in one package.
One thing to keep in mind: this is a security monitoring tool, not a Snort event browser. The difference (other than the quantity of data and the number of tools providing input, since Snort is not the only input) is that Sguil is a way to manage those events, i.e., categorize them, escalate them, or correlate them.