IPS and IDS Tools for Network Admin

Snort IPS is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and over 250,000 registered users, Snort has become the de facto standard for IPS.

Sguil (pronounced "sgweel") is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures.

SQueRT was created to make most of the data from Sguil accessible via a web browser. While most analysts shun the idea, it is especially useful for some people (management, techs) who do not require the real-time event handling and analytical aspects (complexity) of the TCL/TK Sguil client. SQueRT is simply meant to provide a quick overview for non-analysts so that they can address certain obvious problem areas, for example policy violations.

SnoGE is a Snort unified reporting tool: it processes your unified files (Snort's output format) and represents them as place-marks on Google Earth. It can operate in a few modes: real-time, refresh, and one-time.