Thursday, December 3, 2009

how much detection is enough


This week I added an additional layer of security with a great product called Sguil. Yes, I know it has been around for a while, and yes, I know I have toyed with it before; at the time I felt I didn't need the granularity it provides, which is why I have been using BASE. The need has arisen with the growth of security issues and the need for security escalation. Being a one-man show, things can be a little daunting, and BASE added extra overhead for me because I still had to trace pcaps myself just to confirm whether anything really happened and, if so, what. With Sguil I should get that in a single console, with the overhead transferred to the software. Maybe I can get a little rest then. If you are looking to do the same, there are several pieces of software that will get you going fast, such as NSMnow and the bootable Security Onion, which works great if you want to give it a test run; it has the nice feature of being able to run Snort 3.0, woohoo. Anyway, good luck to all the NSM practitioners out there, and bad_mojo, stay away from my net; my little ones keep me up enough as it is.
