lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20110317130055.GB26051@bundy.vistech.net>
Date: Thu, 17 Mar 2011 09:00:55 -0400
From: "Champ Clark III [Softwink]" <champ@...twink.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Sagan 0.1.8 release | SEIM tool


  ,-._,-.    Sagan [http://sagan.softwink.com]
  \/)"(\/    By Champ Clark III & The Softwink Team: http://www.softwink.com
   (_o_)     Copyright (C) 2009-2011 Softwink, Inc., et al.
   /   \/)   
  (|| ||)    
   oo-oo
 
 	Softwink, Inc. [https://www.softwink.com] is proud to release
 Sagan version 0.1.8 [http://sagan.softwink.com].
 
What is Sagan?
 
Sagan is multi-threaded, real-time system- and event-log monitoring software,
but with a twist. Sagan uses a "Snort" like rule set for detecting nefarious
events happening on your network and/or computer systems. If Sagan detects a
"bad thing" happening, it can do a number of things with that information. For
example, Sagan can store the information to a Snort MySQL database for viewing
with utilities like Snorby [http://www.snorby.org],  it can send e-mail(s)
about the event to the appropriate personnel,  it can store to a Prelude back
end, it can also spawn external utilities, as well as numerous other things.
 
Sagan can also correlate the events with your Intrusion Detection/Intrusion 
Prevention (IDS/IPS) system and basically acts like an SIEM (Security
Information & Log Management) system.
 
What's new in Sagan?
 
 * Unified2 output. [src/output-plugins/sagan-unified2.c]
 
This allows Sagan to work in conjunction with programs like Barnyard2
[http://www.securixlive.com/barnyard2/] or Snoge   
[http://leonward.wordpress.com/snoge/]. Via Barnyard, Sagan can also access
output formats such as:
 
   - MySQL,  PostgreSQL,  MS-SQL,  Oracle (Which can give you access to Sagan
     data alongside your IDS/IPS data using consoles like Snorby 
     [http://www.snorby.org] or BASE.)
   - The Prelude framework   
   - Sguil  
   - ..and many more..
 
 * Liblognorm functionality
 
Liblognorm is a log normalization library that Sagan can use to extract
useful information from logged messages; including, TCP/IP information,
user-names,  uid,  etc. This library/project was started by Rainer Gerhards of
"Rsyslog" fame and is being designed from the Mitre CEE (Common Event
Expression) standard (not released/complete). For more information, please
see: http://www.liblognorm.com/news/introducing-liblognorm and  
http://cee.mitre.org.
 
 * "PLOG" support [src/sagan-plog.c]
 
This is a syslog based sniffer created from Marcus J. Ranum's "plog"
work. Sagan can spawn a thread that will "sniff" the wire for syslog traffic.
If traffic is seen, it is re-injected into /dev/log for Sagan to analyze
and/or archive. This is handy for environments resistant to changes.
 
 * Many,  many bug fixes.....
 
Other Sagan features:
 
* Native threaded output support to Snort databases (MySQL/PostgreSQL) 
* Native threaded Prelude plug in
* Threaded libesmtp support (SMTP/e-mail triggered events) based on rule 
  criteria or general Sagan configuration
* Native threaded Logzilla support (MySQL/PostgreSQL)
* 'Snort' like rule set making Sagan compatible with rule management 
  utilities like oinkmaster and pulled pork
* Sagan can spawn external programs when events get triggered. This way,  you
  can write your own "plugin" in the language you choose (perl, C, python, ruby,
  etc).
 
  For more information, please see: http://sagan.softwink.com
 
  Thank!, 
  Champ Clark III
 
-- 
        Champ Clark III | Softwink, Inc | 800-538-9357 x 101
                     http://www.softwink.com

GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.

Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ