Sagan v0.2.2 r2 released

Sagan is a multi-threaded, real time system and event log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for detecting bad things happening on your network and/or computer systems. If Sagan detects a “bad thing” happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will attempt to correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system. Sagan is basically a SIEM (Security Information & Log Management) system.

  • Sagan is fast – Sagan is written in C and is a multi-threaded application. Sagan is threaded to prevent blocking Input/Output (I/O). For example, data processing doesn’t stop when an SQL query is needed.
  • Sagan uses a “Snort” like rule set – If you’re a user of “Snort” and understand Snort rule sets, then you already understand Sagan rule sets. Essentially, Sagan is compatible with Snort rule management utilities. For example, “oinkmaster” and “pulledpork”.
  • Sagan can log to Snort databases – Sagan will operate as a separate “sensor” ID to a Snort database. This means, your IDS/IPS events from Snort will remain separate from your Sagan (syslog/event log). Since Sagan can utilize Snort databases, using Snort front-ends like BASE and Snorbywill not only work with your IDS/IPS event, but also with your syslog/events as well!
  • Sagan output formats – You don’t have to be a Snort user to use Sagan. Sagan supports multiple output formats, such as a standard output file log format (similar to Snort), e-mailing of alerts (via libesmtp), Unified2 output support and external based programs that you can develop using the language you prefer (Perl/Python/C/etc).
  • Sagan log normalization – Sagan uses various methods to “normalize” logs. This allows Sagan to extract useful information for log messages for better correlation. For example, Sagan uses liblognormand other techniques for log normalization.
  • Sagan is actively developed Quadrant Information Security actively develops and maintains the Sagan source code and rule sets. Quadrant Information Security uses Sagan to monitor security related log events on a 24/7 basis.

Download

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community