Sagan as a Log Normalizer | Diary Discussions | Community Forums | SANS Internet Storm Center; Cooperative Network Security Community – Internet Security

Using Sagan is another way of leveraging a Snort IDS database infrastructure to collect, correlate and monitor suspicious events via syslog. For additional information on Sagan, check the Sagan Wiki.

[1] http://sagan.quadrantsec.com/

[2] https://wiki.quadrantsec.com/twiki/bin/view/Main/SaganMain

[3] https://wiki.quadrantsec.com/twiki/bin/view/Main/SaganRuleReference

[4] https://wiki.quadrantsec.com/twiki/bin/view/Main/SaganInstall

[5] http://sagan.quadrantsec.com/rules/

[6] https://github.com/beave/sagan

via Sagan as a Log Normalizer | Diary Discussions | Community Forums | SANS Internet Storm Center; Cooperative Network Security Community – Internet Security.
