
Those steps are basically:
- Open a terminal.
- Execute 'sudo nsm start'.
- Double-click on the Sguil client icon.
- Log into Sguil.

To test Sguil, I executed 'apt-get install lynx' then visited www.testmyids.com. In the screenshot you'll see the default Sguil installation generated two alerts. I was able to generate a transcript and launch Wireshark. However, SANCP session records did not appear to be inserted into the database although SANCP was running.
I suggest trying Securix-NSM if you'd like to try using Sguil but have no experience setting it up.
Tidak ada komentar:
Posting Komentar