Sagan - Log/IDS/IPS event correlation [SEIM]



#1 Beave

Posted 23 September 2010 - 05:17 PM

Howdy all,

I've been working on a project for a while called "Sagan". Basically, Sagan is a correlation engine that can take Intrusion Detection/Prevention and log (syslog/snmptrap) information and correlate it down into one console. I was asked to give a presentation at the Jacksonville, Florida Northeast Florida ISSA. The below is a link to the video of that presentation, as well as documentation (PDF of the presentation, etc). It basically goes over the ideas and methodologies we used to write Sagan, and future support we plan on adding in. The link is at:

https://www.softwink...rs/Sagan-NFISSA

Please check it out if you're interested in this type of thing. Sagan is completely open source (GNU/GPL v2). Thanks!

#2 Beave

Posted 25 September 2010 - 06:53 AM

The video is also up on SecurityTube! Woo. Love those guys. The link is:

http://www.securityt...way)-video.aspx