Snort mailing list archives

Re: Question about Sguil


From: Matt Martin <MMartin () jwpepper com>
Date: Fri, 20 Jun 2014 20:27:40 +0000

Very cool Jaime… I’ll be looking forward to your finished product once completed…
Hopefully you can post something to the list once you guys put the new project out there!

Personally, I’m a very visual person, so that “Geolocation” stuff seems pretty awesome. Well thanks for the info, and 
good luck with the project!

Thanks Again,
Matt


From: Jaime Nebrera [mailto:jnebrera () redborder org]
Sent: Friday, June 20, 2014 4:22 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about Sguil


> I was just watching the youtube video, very nice...

:D

> It was hard for me to read any of the text in the GUI on the video,

In essence it's just 3 different views:

One is a dashboard you can build to match your needs

Then you have top-k views for each "Metadata variable" (you can see the operator choosing the variables when going to 
the top right corner)

And then you have a raw view where you see aggregated events as they arrive, again defining the variables you want to 
group by (this view has a very nice flow visualization built dynamically based on the chosen variables)

> but was that a building schematic that I was seeing in the video? If so, that’s pretty awesome!

Yes, we use geolocation. The building you are seeing is a bit different; it is a heat map of users connected to a wireless 
network. To define their position, we use MSE data from Cisco-specific equipment. From there we can estimate the number 
of distinct users per minute using HyperLogLog approximation. That part is more specific to Flow, but actually it would 
work the same way for IPS if you could nail the position of the attacker that well (we do cross info from both 
products, but again, using MSE).
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
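The "distinct users per minute using HyperLogLog approximation" that Jaime mentions is the one concrete technique in this exchange, so here is an added, self-contained illustration of it. This is not redborder's or Cisco MSE's code; it implements the standard HyperLogLog sketch from scratch, buckets constructed client records (timestamp, client MAC) by minute, and compares the per-minute estimates with exact set counts. The record format, the MAC addresses and the user counts are all constructed here for the example.

```python
"""Added example: per-minute distinct-client estimation with HyperLogLog.

Not redborder/MSE code. Records are constructed (timestamp, client MAC) pairs
standing in for the location events a real deployment would receive.
"""
import hashlib
import math
from collections import defaultdict


class HyperLogLog:
    """Minimal HyperLogLog (Flajolet et al. 2007) with 2**p registers.

    Relative error is about 1.04 / sqrt(2**p); p=12 gives ~1.6 % at 4 KiB
    of registers per sketch, which is why it suits one sketch per minute.
    """

    def __init__(self, p=12):
        if not 7 <= p <= 16:          # alpha constant below assumes m >= 128
            raise ValueError("precision p must be in 7..16")
        self.p = p
        self.m = 1 << p
        self.registers = [0] * self.m

    @staticmethod
    def _hash64(item):
        # Deterministic 64-bit hash. sha1 is used purely as a uniform hash
        # here; no security property is relied on.
        return int.from_bytes(hashlib.sha1(item.encode()).digest()[:8], "big")

    def add(self, item):
        h = self._hash64(item)
        idx = h >> (64 - self.p)                    # first p bits choose a register
        w = h & ((1 << (64 - self.p)) - 1)          # remaining 64-p bits
        rank = (64 - self.p) - w.bit_length() + 1   # position of leftmost 1-bit
        if rank > self.registers[idx]:
            self.registers[idx] = rank

    def merge(self, other):
        """Union of two sketches (register-wise max), so per-minute sketches
        can be rolled up into per-hour or per-site figures without re-reading
        the events."""
        if other.p != self.p:
            raise ValueError("cannot merge sketches of different precision")
        out = HyperLogLog(self.p)
        out.registers = [max(a, b) for a, b in zip(self.registers, other.registers)]
        return out

    def cardinality(self):
        m = self.m
        alpha = 0.7213 / (1 + 1.079 / m)            # bias constant for m >= 128
        raw = alpha * m * m / sum(2.0 ** -r for r in self.registers)
        if raw <= 2.5 * m:                          # small-range correction
            zeros = self.registers.count(0)
            if zeros:
                return m * math.log(m / zeros)      # linear counting
        return raw


def make_records(minute, n_users, seed_offset=0):
    """Constructed sample: n_users distinct client MACs seen during `minute`
    (an ISO timestamp truncated to minutes), each reported three times, since
    a location engine reports the same client repeatedly within a minute."""
    records = []
    for i in range(n_users):
        k = i + seed_offset
        mac = "00:1c:%02x:%02x:%02x:%02x" % ((k >> 24) & 0xFF, (k >> 16) & 0xFF,
                                             (k >> 8) & 0xFF, k & 0xFF)
        for sec in (3, 27, 51):
            records.append(("%s:%02d" % (minute, sec), mac))
    return records


def distinct_users_per_minute(records, p=12):
    """Return {minute: HyperLogLog} built from (timestamp, mac) records."""
    sketches = defaultdict(lambda: HyperLogLog(p))
    for ts, mac in records:
        sketches[ts[:16]].add(mac)                  # "YYYY-MM-DDTHH:MM"
    return dict(sketches)


def exact_per_minute(records):
    """Exact distinct count per minute, for comparison against the sketch."""
    seen = defaultdict(set)
    for ts, mac in records:
        seen[ts[:16]].add(mac)
    return {minute: len(macs) for minute, macs in seen.items()}


if __name__ == "__main__":
    recs = make_records("2014-06-20T16:22", 5000)
    recs += make_records("2014-06-20T16:23", 40, seed_offset=4900)
    exact = exact_per_minute(recs)
    for minute, sketch in sorted(distinct_users_per_minute(recs).items()):
        print(minute, "exact", exact[minute], "hll", round(sketch.cardinality()))
```

The point of the sketch over a plain set is memory and mergeability: each minute costs a fixed 4 KiB regardless of how many clients were seen, and sketches for adjacent minutes (or for the flow and IPS feeds Jaime says they cross) can be unioned by taking the register-wise maximum, which a set-per-minute approach cannot do without keeping every MAC.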