Wednesday, 08 February 2006

Integrating Sguil into Intrusion Detection and Incident Response

A fellow Sguil user wrote a surprisingly complete account of a compromise of his Web server, and how he used Sguil to identify the intrusion and respond to the incident. The author, Chas Tomlin, provides a step-by-step walkthrough of his investigation, along with some of his actual findings -- including a transcript of an IRC conversation between botnet operators.
