04 Apr 2014 - Sguil 0.9.0 Released!
Shhhhh, don't tell Richard or he will give me crap for this not being a 1.0. I am thinking version 0.9.99999999999 is gonna be the bomb.
This release includes some bugfixes, a wizard for adding autocat rules, and an interface for viewing current autocat rules. Event selections are now pushed to all connected clients and the selector's ID is displayed in peers' ST column of the selected event. Sending "who" in the User Msgs window will display a list of connected users, their user id, and what event they have currently selected. Custom URLs to open based on the SID can now be defined in your sguil.conf.
Go out and download Sguil 0.9.0. Install it. Test it. Break it. Find some bad guys. And let me know if the clicky clicky no worky worky.
Bamm
24 Oct 2013 - Hello GitHub
By popular demand, I have switched the source repository to git and github. Things are slowly migrating this way and I am still trying to get comfortable with git and github. I also changed the license of Sguil from QPL to the GPLv3.
Bamm
29 May 2011 - Sguil 0.8.0 Released!
Okay, new direction. Time has been escaping me and Sguil development has suffered. When I do have time to spend on Sguil, I would rather be adding new features and fixing bugs versus testing installs and writing documentation. So starting with this release, I am going to focus on getting code out the door and hope our small community will document their experiences through blogs, wikis, mailing lists, tweets, and #snort-gui.
Go out and download Sguil 0.8.0. Install it. Test it. Break it. And find some bad guys.
Bamm
25 January 2010 - I'm not dead yet
But the demo server is. Well, it is not dead, just in an unpacked box (we moved from Colorado to Western Michigan recently). Seriously. I apologize for the lack of updates over the last two years (ouch). The project is not dead, just on hiatus. I have been busy with a huge deployment (over 100 sensors on ~80 appliances) and cannot wait to add what we have learned. Stay tuned.
Bamm
26 March 2008 - Updated Modsec2Sguil
Victor Julien writes:
I've updated the Modsec2sguil agent to work with the latest release.
Also, it contains support for ModSecurity 2.5.x contributed by Ryan
Cummings.
Get it here: http://www.inliniac.net/modsec2sguil/
Cheers,
Victor
26 March 2008 - Bugs!
Well, that didn't take too long. Found a bug with the way the client parses messages for display in the "User Messages" tab. It has been fixed in CVS and a simple diff can be found here. A patched release will follow.
25 March 2008 - Sguil Version 0.7.0 Released
It has been a couple of years of changes and bugfixes since the last release. The biggest change is the replacement of the sensor agent with individual components for each collection type. The new agents are called snort_agent.tcl, pcap_agent.tcl, and sancp_agent.tcl. By splitting out the agents, collection for these different data types can be placed on separate hardware and still be correlated via their "NET_NAME".
A new collection agent for PADS is also included in this release although it is still considered beta. Also included is an example_agent.tcl script that documents how custom agents can be created. Other agents have been written for ModSecurity and OSSEC.
As always, help can be found on the sguil-users mailing list or in IRC on #snort-gui via irc.freenode.net.
David Bianco has provided a great HOWTO and Rich Fifarek has created a yum repository that should be updated soon.
Thanks for everyone's help and happy F8ing,
Bamm
21 March 2007 - Modsec2Sguil 0.7 Released
Victor Julien released version 0.7 of Modsec2sguil recently. Modsec2Sguil is a set of Perl scripts to feed ModSecurity alerts to the Sguil NSM system. The main change of this release is that it adds support for alerts produced by ModSecurity 2.x, while 1.9.x remains supported. In addition, the conversion between ModSecurity's severity and Snort's priority was fixed, so alerts should show up in the right pane in Sguil again.
In future releases, we plan to add the capability for other projects to easily send events to Sguil.
19 March 2007 - Website Updated!
After a much too long hiatus, the Sguil website has been updated. We are using an open source template from Andreas Viklund. Also, Sguil version 0.7.0 is currently being tested in CVS and we plan to get a release candidate out soon!
24 March 2006 - Sguil 0.6.1 VM
Richard Bejtlich of TaoSecurity created another Sguil VM. This edition runs Sguil 0.6.1 on FreeBSD 5.4 and is described here.
13 February 2006 - Sguil 0.6.1 Released
Sguil-0.6.1 has been released. This release adds support for snort statistics, UNION queries, and GUI enhancements.
06 January 2006 - Sguil Client VM
Richard Bejtlich of TaoSecurity has created a new Sguil VM. This one has the client as well as the components in his first VM.
30 December 2005 - First Sguil VM
Richard Bejtlich of TaoSecurity has started creating virtual machines suitable for use in VMware Player. You can read about the creation of the first Sguil VM in Richard's blog. We've added a page on VMs for future work. The first VM is available here.