26 March 2008 - Updated Modsec2Sguil
Victor Julien writes:
I've updated the Modsec2sguil agent to work with the latest release.
Also, it contains support for ModSecurity 2.5.x contributed by Ryan
Cummings.
Get it here: http://www.inliniac.net/modsec2sguil/
Cheers,
Victor
26 March 2008 - Bugs!
Well, that didn't take too long. Found a bug with the way the client parses messages for display in the "User Messages" tab. It has been fixed in CVS and a simple diff can be found here. A patched release will follow.
25 March 2008 - Sguil Version 0.7.0 Released
It has been a couple of years of changes and bugfixes since the last release. The biggest change is the replacement of the sensor agent with individual components for each collection type. The new agents are called snort_agent.tcl, pcap_agent.tcl, and sancp_agent.tcl. By splitting out the agents, collection for these different data types can be placed on separate hardware and still be correlated via their "NET_NAME".
A new collection agent for PADS is also included in this release although it is still considered beta. Also included is an example_agent.tcl script that documents how custom agents can be created. Other agents have been written for ModSecurity and OSSEC.
As always, help can be found on the sguil-users mailing list or in IRC on #snort-gui via irc.freenode.net.
David Bianco has provided a great HOWTO and Rich Fifarek has created a yum repository that should be updated soon.
Thanks for everyone's help and happy F8ing,
Bammkkkk
21 March 2007 - Modsec2Sguil 0.7 Released
Victor Julien recently released version 0.7 of Modsec2sguil. Modsec2Sguil is a set of Perl scripts that feed ModSecurity alerts to the Sguil NSM system. The main change in this release is support for alerts produced by ModSecurity 2.x, while 1.9.x remains supported. In addition, the mapping between ModSecurity's severity and Snort's priority was fixed, so alerts should show up in the correct pane in Sguil again.
In future releases, we plan to add the capability for other projects to easily send events to Sguil.
19 March 2007 - Website Updated!
After a much too long hiatus, the Sguil website has been updated. We are using an open source template from Andreas Viklund. Also, Sguil version 0.7.0 is currently being tested in CVS and we plan to get a release candidate out soon!
24 March 2006 - Sguil 0.6.1 VM
Richard Bejtlich of TaoSecurity created another Sguil VM. This edition runs Sguil 0.6.1 on FreeBSD 5.4 and is described here.
13 February 2006 - Sguil 0.6.1 Released
Sguil-0.6.1 has been released. This release adds support for snort statistics, UNION queries, and GUI enhancements.
06 January 2006 - Sguil Client VM
Richard Bejtlich of TaoSecurity has created a new Sguil VM. This one includes the client as well as the components from his first VM.
30 December 2005 - First Sguil VM
Richard Bejtlich of TaoSecurity has started creating virtual machines suitable for use in VMware Player. You can read about the creation of the first Sguil VM in Richard's blog. We've added a page on VMs for future work. The first VM is available here.