Howdy all,
I've been working on a project for a while called "Sagan". Basically, Sagan is a correlation engine that can take Intrusion Detection/Prevention and log (syslog/snmptrap) information and correlate it down into one console. I was asked to give a presentation at the Jacksonville, Florida Northeast Florida ISSA. The below is a link to the video of that presentation, as well as documentation (PDF of the presentation, etc). It basically goes over the ideas and methodologies we used to write Sagan, and future support we plan on adding in. The link is at:
https://www.softwink...rs/Sagan-NFISSA
Please check it out if you're interested in this type of thing. Sagan is completely open source (GNU/GPL v2). Thanks!
Sagan - Log/IDS/IPS event correlation [SEIM]
Started by Beave, Sep 23 2010 05:17 PM
#1
Posted 23 September 2010 - 05:17 PM
#2
Posted 25 September 2010 - 06:53 AM
The video is also up on SecurityTube! Woo. Love those guys. The link is:
http://www.securityt...way)-video.aspx