Sagan 0.2.2 - Multi-threaded event-log monitoring
Labels: Monitoring, Security Tools
Sagan is multi-threaded, real-time system and event-log monitoring software, but with a twist: it uses a Snort-like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a "bad thing" happening, it can do a number of things with that information.
For example, Sagan can store the information in a Snort MySQL database for viewing with utilities like Snorby, send e-mail(s) about the event to the appropriate personnel, store it in a Prelude back end, spawn external utilities, and do numerous other things.
Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like a SIEM (Security Information & Log Management) system.
Sagan change log:
- This release is largely a bug fix for the Sagan "after:" directive. Older versions of Sagan (0.2.1 and earlier) incorrectly handled the "after:" flag/directive. New versions of the Sagan rules make heavy use of "after:". In one week we'll be pushing out a major rule set update. This new rule update will potentially break 0.2.1 and earlier clients. Please upgrade ASAP.
- Added content negation at the request of DigAngel.
- Several other minor bug fixes.
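To make the two changelog items concrete, here is an added example (written for this page, not Sagan's own code or rule set) of a small Snort-style log rule engine: it parses rule option blocks with `content:` and negated `content:!` matches, and applies an "after:" threshold that fires only once the same syslog source has produced the configured number of matches inside the time window. The rule syntax is modelled on Snort/Sagan conventions, the sids (5000001, 5000002), host names and log lines are constructed, and the reading of "after:" as "count matches from one source within seconds, tracked by the syslog host" is an assumption about the directive's semantics, not taken from the Sagan documentation.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    sid: int = 0
    msg: str = ""
    program: str = ""
    # (substring, negated): a negated content must NOT appear in the message.
    contents: List[Tuple[str, bool]] = field(default_factory=list)
    # (count, seconds): alert only once `count` matches from one source fall
    # inside a `seconds` window. Assumed reading of the "after:" directive.
    after: Optional[Tuple[int, int]] = None


def parse_rule(text: str) -> Rule:
    """Toy parser for the option block of a Snort/Sagan-style rule line."""
    body = text[text.index("(") + 1 : text.rindex(")")]
    rule = Rule()
    for key, raw in re.findall(r"\s*(\w+)\s*:\s*([^;]*);", body):
        value = raw.strip()
        if key == "msg":
            rule.msg = value.strip('"')
        elif key == "sid":
            rule.sid = int(value)
        elif key == "program":
            rule.program = value
        elif key == "content":
            negated = value.startswith("!")          # content:!"..." negates
            rule.contents.append((value.lstrip("!").strip().strip('"'), negated))
        elif key == "after":
            m = re.search(r"count\s+(\d+)\s*,\s*seconds\s+(\d+)", value)
            if m is None:
                raise ValueError(f"unsupported after: clause: {value}")
            rule.after = (int(m.group(1)), int(m.group(2)))
    return rule


def content_matches(rule: Rule, message: str) -> bool:
    """Every positive content must be present, every negated one absent."""
    return all((pattern in message) != negated for pattern, negated in rule.contents)


class Engine:
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        # (sid, source host) -> timestamps of recent matches still in the window
        self.seen: Dict[Tuple[int, str], List[float]] = {}

    def process(self, ts: float, source: str, program: str,
                message: str) -> List[Tuple[int, str]]:
        """Feed one already-split syslog event; return (sid, source) alerts."""
        alerts = []
        for rule in self.rules:
            if rule.program and rule.program != program:
                continue
            if not content_matches(rule, message):
                continue
            if rule.after is None:          # no threshold: alert immediately
                alerts.append((rule.sid, source))
                continue
            count, seconds = rule.after
            key = (rule.sid, source)
            window = [t for t in self.seen.get(key, []) if ts - t < seconds]
            window.append(ts)
            self.seen[key] = window
            if len(window) >= count:        # threshold reached inside window
                alerts.append((rule.sid, source))
        return alerts


# Constructed rules with hypothetical sids (not from the Sagan rule set).
RULES = [
    parse_rule('alert syslog any any -> any any (msg:"SSH failed logins from one host"; '
               'program: sshd; content:"Failed password"; content:!"from 10.0."; '
               'after: track by_src, count 3, seconds 60; sid: 5000001;)'),
    parse_rule('alert syslog any any -> any any (msg:"sudo command run"; '
               'program: sudo; content:"COMMAND="; sid: 5000002;)'),
]

# Constructed event stream: (seconds, syslog source host, program, message).
SAMPLE_EVENTS = [
    (0, "srv-a", "sshd", "Failed password for root from 198.51.100.7 port 4411 ssh2"),
    (10, "srv-a", "sshd", "Failed password for root from 198.51.100.7 port 4412 ssh2"),
    (20, "srv-a", "sshd", "Failed password for admin from 198.51.100.7 port 4413 ssh2"),
    (25, "srv-b", "sshd", "Failed password for root from 10.0.0.9 port 5000 ssh2"),
    (30, "srv-b", "sudo", "alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls"),
    (100, "srv-a", "sshd", "Failed password for root from 198.51.100.7 port 4414 ssh2"),
]


def run_demo() -> List[Tuple[int, str]]:
    engine = Engine(RULES)
    fired = []
    for ts, host, program, message in SAMPLE_EVENTS:
        fired.extend(engine.process(ts, host, program, message))
    return fired


if __name__ == "__main__":
    for sid, host in run_demo():
        print(f"sid {sid} fired for {host}")
```

Running it fires sid 5000001 only at the third failed login from srv-a inside 60 seconds, never for srv-b (its login line matches the negated `from 10.0.` content and is dropped), and not again at t=100 because the earlier matches have aged out of the window; sid 5000002 has no "after:" clause and fires on the single sudo line.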
Sagan has the capability to manage events from the following assets:
- Routers (Cisco, etc.)
- Managed network switches
- Firewalls (SonicWall, Fortigate, etc.)
- IDS/IPS systems (Cisco, Fortigate, etc.)
- Linux and Unix systems (services, kernel messages, etc.)
- Windows-based networks (event logs, etc.)
- Wireless access points (Cisco, D-Link, etc.)
- Host-based IDS systems (HIDS) (AIDE, OSSEC, etc.)
- Detection of rogue devices on networks (via Arpalert, etc.)
- Much, much more. Sagan gives us a broad range of devices, services and applications that we can monitor.
For example, if your organization is a "Cisco shop" and you don't want to deploy Snort based IDS/IPS sensors, it really doesn't matter to our staff. We can monitor the Cisco devices just as we would a Snort based IDS/IPS solution.
Download Sagan
Posted by Mohit Kumar on Friday, August 31, 2012