SGUIL - The Analyst Console for Network Security Monitoring.

SGUIL - The Analyst Console for Network Security Monitoring.
By Analysts -- For Analysts -- Current Version 0.6.1

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides realtime events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Want to learn more about Network Security Monitoring (NSM)? Then check out Richard Bejtlich's recently released book, The Tao of Network Security Monitoring: Beyond Intrusion Detection. An excerpt reads:

Network security monitoring (NSM) equips security staff to deal with the inevitable consequences of too few resources and too many responsibilities. NSM collects the data needed to generate better assessment, detection, and response processes--resulting in decreased impact from unauthorized activities.

For those interested in seeing how sguil looks and feels, download the client and connect to the sguil daemon (sguild) at on port 7734. Enter any username and password when prompted and select the sensor named "reset". In the console, you will see a User Messages tab. Within this tab you can communicate with other connected analysts as well as the irc channel #snort-gui on

Download it here

p/s: this is a really cool stuff :D excited


quiksand said...

Wah cam menarik je. Bila nak datang office lagi =P, boleh kita layan nasi lemak antarabangsa huhuhuh