forked from beave/sagan-rules
-
Notifications
You must be signed in to change notification settings - Fork 0
Rule sets for Sagan
red8383light/sagan-rules
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Welcome to the "Sagan Rules" README file ---------------------------------------- This is the Git repository for the Sagan engine rule sets. You probably won't find these useful unless you're actually using Sagan! For more information, check out the Sagan main web site at: http://sagan.quadrantsec.com Github related site: http://github.com/beave/sagan What is Sagan? -------------- Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. The Sagan structure and Sagan rules work similarly to the Sourcefire "Snort" IDS engine. This was intentionally done to maintain compatibility with rule management software (oinkmaster/pulledpork/etc) and allows Sagan to correlate log events with your Snort IDS/IPS system. Since Sagan can write to Snort IDS/IPS databases via unified2/barnyard2, it is compatible with all Snort "consoles". For example, Sagan is compatible with Snorby [http://www.snorby.org], Sguil [http://sguil.sourceforge.net], BASE, and the Prelude IDS framework! (to name a few). Sagan supports many different output formats, log normalization (via liblognorm), script execution on event and automatic firewall support via "Snortsam" (see http://www.snortsam.net). For more information, please visit the Sagan web site: http://sagan.quadrantsec.com.
About
Rule sets for Sagan
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published