Yesterday I read A successor is born... Securix-NSM 1.0. Securix-NSM is a Debian-based live CD that is the fastest way I've ever seen for a new user to try Sguil. All you have to do is download the 280 MB .iso, boot it, and follow the quick start documentation. Those steps are basically:
- Open a terminal.
- Execute 'sudo nsm start'.
- Double-click on the Sguil client icon.
- Log into Sguil.
To test Sguil, I executed 'apt-get install lynx' then visited www.testmyids.com. In the screenshot you'll see the default Sguil installation generated two alerts. I was able to generate a transcript and launch Wireshark. However, SANCP session records did not appear to be inserted into the database although SANCP was running.
I suggest trying Securix-NSM if you'd like to try using Sguil but have no experience setting it up.
Tidak ada komentar:
Posting Komentar