Here’s the list:
Cisco IPS Signature Engines – Good writeup on how Cisco IPS signatures work.
A signature engine is a component of the Cisco IPS that is designed to support many signatures in a certain category. An engine is composed of a parser and an inspector. Each engine has a set of parameters that have allowable ranges or sets of values.
A little about my book… – Don’t worry Harlan…you’re not even coming close to the number of “as I said in my book” references that Richard Bejtlich makes 🙂
Many times, in forums (forii??) or email, someone will see me say “…as I mentioned in my book…” or “…as detailed in my book…” and I’ve received comments that some folks have been turned off by that. Okay, I can go with that, as I dislike sales pitches myself. So why do I say something like that?
Sguil – Intuitive GUI for Network Security Monitoring with Snort – The best open tool for dealing with Snort alerts.
Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you need to decide how to handle the situation. In other words, sguil simply ties together the outputs of various security monitoring tools into a single interface, providing you with the most information in the shortest amount of time.
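The alert-to-session join that blurb describes is the core of what makes Sguil useful, so here is an added example of the same idea in Python. This is illustration code, not Sguil's own: the Snort fast-format alert lines, the session rows, the SIDs 1000001/1000002 and the year 2007 are all constructed, and an in-memory SQLite table stands in for the MySQL session database Sguil actually uses.

```python
"""Join Snort fast-format alerts to TCP/IP session records, the way Sguil
ties an IDS alert to the flow it fired on.  Added example, not Sguil code.
Alert lines, session rows, SIDs and the year are constructed."""
import re
import sqlite3
from datetime import datetime

# Constructed alert_fast lines.  SIDs are in the local-rules range; the
# messages are made up for the example.
ALERTS = [
    "05/21-14:03:12.123456  [**] [1:1000001:1] LOCAL Suspicious EXE download [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] "
    "{TCP} 10.1.1.5:49210 -> 198.51.100.7:80",
    "05/21-14:10:00.000000  [**] [1:1000002:1] LOCAL DNS query for known bad domain [**] "
    "[Classification: Misc activity] [Priority: 3] "
    "{UDP} 10.1.1.5:53111 -> 10.1.1.53:53",
]

# Constructed session rows shaped like a per-flow session table:
# start, end, src_ip, src_port, dst_ip, dst_port, ip_proto, src_bytes, dst_bytes.
# Only the first row overlaps alert 1 in both 5-tuple and time.
SESSIONS = [
    ("2007-05-21 14:03:10", "2007-05-21 14:03:15", "10.1.1.5", 49210, "198.51.100.7", 80, 6, 1420, 380112),
    ("2007-05-21 14:03:11", "2007-05-21 14:03:11", "10.1.1.5", 49211, "198.51.100.7", 80, 6, 300, 250),
    ("2007-05-21 13:55:00", "2007-05-21 13:55:02", "10.1.1.5", 49210, "198.51.100.7", 80, 6, 200, 900),
]

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}


def parse_fast_alert(line, year=2007):
    """Parse one alert_fast line.  Snort omits the year from the timestamp,
    so the caller supplies it (assumed 2007 to match the constructed rows)."""
    m = FAST_RE.match(line.strip())
    if not m:
        raise ValueError("not a Snort fast alert: %r" % line)
    ts = datetime.strptime("%d/%s" % (year, m.group("ts")), "%Y/%m/%d-%H:%M:%S.%f")
    return {
        "time": ts, "gid": int(m.group("gid")), "sid": int(m.group("sid")),
        "rev": int(m.group("rev")), "msg": m.group("msg"),
        "priority": int(m.group("pri")), "proto": PROTO_NUM[m.group("proto")],
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
    }


def load_sessions(rows):
    """Load session rows into an in-memory SQLite table (stand-in for the
    real session database)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE sessions (
        start_time TEXT, end_time TEXT, src_ip TEXT, src_port INTEGER,
        dst_ip TEXT, dst_port INTEGER, proto INTEGER,
        src_bytes INTEGER, dst_bytes INTEGER)""")
    db.executemany("INSERT INTO sessions VALUES (?,?,?,?,?,?,?,?,?)", rows)
    return db


def sessions_for_alert(db, alert, slack_seconds=5):
    """Return session rows covering the alert: same 5-tuple in either direction,
    alert time inside the session lifetime widened by slack_seconds for skew."""
    q = """SELECT start_time, end_time, src_ip, src_port, dst_ip, dst_port,
                  src_bytes, dst_bytes
           FROM sessions
           WHERE proto = :proto
             AND ((src_ip = :src AND src_port = :sport AND dst_ip = :dst AND dst_port = :dport)
               OR (src_ip = :dst AND src_port = :dport AND dst_ip = :src AND dst_port = :sport))
             AND datetime(start_time, '-' || :slack || ' seconds') <= :t
             AND datetime(end_time,   '+' || :slack || ' seconds') >= :t
           ORDER BY start_time"""
    params = {k: alert[k] for k in ("proto", "src", "sport", "dst", "dport")}
    params["t"] = alert["time"].strftime("%Y-%m-%d %H:%M:%S")
    params["slack"] = slack_seconds
    return db.execute(q, params).fetchall()


def correlate(alert_lines, session_rows, year=2007):
    """Parse every alert and attach the sessions it belongs to."""
    db = load_sessions(session_rows)
    return [(a, sessions_for_alert(db, a))
            for a in (parse_fast_alert(l, year) for l in alert_lines)]


if __name__ == "__main__":
    for alert, hits in correlate(ALERTS, SESSIONS):
        print("[%d:%d] %s  %s:%d -> %s:%d" % (alert["gid"], alert["sid"], alert["msg"],
              alert["src"], alert["sport"], alert["dst"], alert["dport"]))
        for s in hits:
            print("   session %s .. %s  bytes %d/%d" % (s[0], s[1], s[6], s[7]))
        if not hits:
            print("   no session record covers this alert")
```

The second constructed alert deliberately has no matching session row, which is the case an analyst should notice: an alert with no flow behind it usually means a sensor or clock problem rather than a benign event. Treat the 5-second slack as an assumption to tune per sensor pair.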
G2000 Logjam Continues To Spur Log Management Says SANS Survey – I’ll have to book some time to watch the webcast.
We teamed up with the SANS Institute again this year to survey the G2000 on the trends driving log management and intelligence. You can download a copy of the preliminary findings of the 2007 Log Management Survey or sign up to attend a webcast presentation of the results with SANS on June 6th.