Intrusion Detection Systems (IDS) Tools

What is Sguil?
Sguil is built by network security analysts for network security analysts. Its main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring (NSM) and event driven analysis: an alert is the starting point, and the analyst pivots from it to the session records and the full packet content around it to decide whether it is a real incident. The Sguil client is written in tcl/tk.

Is Sguil Free?
Yes. Sguil is free, open-source software released under the GPL.

Does Sguil Work on all Operating Systems?
The Sguil client can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32). The server (sguild) and the sensor components depend on a MySQL database and on Unix-side tools such as Snort or Suricata and a full-content packet logger, so the server and sensors are normally deployed on Linux or *BSD.

What are the Typical Uses for Sguil?
Sguil is used to tie your IDS alerts into a database of TCP/IP session records, packet logs, full content (pcap) and other information. Sguil stores most of its data in a MySQL backend, which lets users run SQL queries against the various types of security events: an analyst can pivot from a single alert to the session it belongs to, to the full packet capture covering that conversation, and to aggregate views such as alert counts per signature or per source host.
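The pivot described above, as an added worked example that is not Sguil's own code and does not use Sguil's real database schema: three constructed tables (alerts, session records, and an index of full-content pcap files) are loaded into an in-memory SQLite database, and SQL joins link an alert to the session whose 5-tuple and lifetime cover it and to the pcap file that holds its packets. The table names, columns, sample records and file paths are all assumptions made for the example; a real Sguil deployment keeps this data in MySQL with its own schema.

```python
import sqlite3

# Constructed sample records for the example; not taken from any real sensor.
# Timestamps are ISO-8601 UTC strings so plain string comparison orders them.
ALERTS = [
    # (alert_id, ts, signature, src_ip, src_port, dst_ip, dst_port, ip_proto)
    (1, "2024-01-15 10:02:17", "CONSTRUCTED outbound connection to unusual port",
     "10.0.0.5", 51234, "203.0.113.9", 4444, 6),
    (2, "2024-01-15 10:05:40", "CONSTRUCTED DNS query for rare TLD",
     "10.0.0.5", 53011, "10.0.0.1", 53, 17),
]
SESSIONS = [
    # (session_id, start_ts, end_ts, src_ip, src_port, dst_ip, dst_port, ip_proto, src_bytes, dst_bytes)
    (100, "2024-01-15 10:02:15", "2024-01-15 10:09:58", "10.0.0.5", 51234, "203.0.113.9", 4444, 6, 1200, 48000),
    (101, "2024-01-15 10:02:30", "2024-01-15 10:02:31", "10.0.0.7", 40000, "198.51.100.2", 443, 6, 800, 5000),
    (102, "2024-01-15 10:05:40", "2024-01-15 10:05:40", "10.0.0.5", 53011, "10.0.0.1", 53, 17, 70, 150),
]
PCAPS = [
    # (path, first_packet_ts, last_packet_ts): hypothetical hourly full-content files
    ("/nsm/sensor1/dailylogs/2024-01-15/snort.log.1705309200", "2024-01-15 09:00:00", "2024-01-15 09:59:59"),
    ("/nsm/sensor1/dailylogs/2024-01-15/snort.log.1705312800", "2024-01-15 10:00:00", "2024-01-15 10:59:59"),
]


def build_db():
    """Load the constructed alert, session and pcap-index tables into SQLite."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE alert(alert_id INTEGER PRIMARY KEY, ts TEXT, signature TEXT,
            src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER, ip_proto INTEGER);
        CREATE TABLE session(session_id INTEGER PRIMARY KEY, start_ts TEXT, end_ts TEXT,
            src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER, ip_proto INTEGER,
            src_bytes INTEGER, dst_bytes INTEGER);
        CREATE TABLE pcap(path TEXT PRIMARY KEY, first_ts TEXT, last_ts TEXT);
    """)
    conn.executemany("INSERT INTO alert VALUES (?,?,?,?,?,?,?,?)", ALERTS)
    conn.executemany("INSERT INTO session VALUES (?,?,?,?,?,?,?,?,?,?)", SESSIONS)
    conn.executemany("INSERT INTO pcap VALUES (?,?,?)", PCAPS)
    return conn


def sessions_for_alert(conn, alert_id):
    """Sessions whose 5-tuple matches the alert in either direction and whose
    start/end times cover the alert timestamp (the alert -> session pivot)."""
    return conn.execute("""
        SELECT s.session_id, s.start_ts, s.end_ts, s.src_bytes, s.dst_bytes
        FROM alert a JOIN session s
          ON s.ip_proto = a.ip_proto
         AND ((s.src_ip = a.src_ip AND s.src_port = a.src_port
               AND s.dst_ip = a.dst_ip AND s.dst_port = a.dst_port)
           OR (s.src_ip = a.dst_ip AND s.src_port = a.dst_port
               AND s.dst_ip = a.src_ip AND s.dst_port = a.src_port))
         AND a.ts BETWEEN s.start_ts AND s.end_ts
        WHERE a.alert_id = ?
        ORDER BY s.start_ts""", (alert_id,)).fetchall()


def pcap_for_alert(conn, alert_id):
    """Path of the full-content file whose time range contains the alert."""
    row = conn.execute("""
        SELECT p.path FROM alert a JOIN pcap p
          ON a.ts BETWEEN p.first_ts AND p.last_ts
        WHERE a.alert_id = ?""", (alert_id,)).fetchone()
    return row[0] if row else None


def bpf_for_alert(conn, alert_id):
    """BPF filter that carves the alert's conversation out of that pcap file
    (e.g. for tcpdump -r <file> '<filter>'); None if the alert does not exist."""
    row = conn.execute(
        "SELECT src_ip, src_port, dst_ip, dst_port, ip_proto FROM alert WHERE alert_id = ?",
        (alert_id,)).fetchone()
    if row is None:
        return None
    src_ip, src_port, dst_ip, dst_port, proto = row
    name = {6: "tcp", 17: "udp"}.get(proto, f"ip proto {proto}")
    return f"{name} and host {src_ip} and host {dst_ip} and port {src_port} and port {dst_port}"


def alerts_by_source(conn):
    """Aggregate view: alert count per source host, most active first."""
    return conn.execute("""
        SELECT src_ip, COUNT(*) AS n FROM alert
        GROUP BY src_ip ORDER BY n DESC, src_ip""").fetchall()


if __name__ == "__main__":
    db = build_db()
    for aid in (1, 2):
        print(aid, sessions_for_alert(db, aid), pcap_for_alert(db, aid), bpf_for_alert(db, aid))
    print(alerts_by_source(db))
```

The session match deliberately accepts the 5-tuple in either direction, because an alert fires on one packet and may describe the reply direction of a session that the session logger recorded from the initiator's side; the time overlap check keeps a reused ephemeral port from matching an unrelated earlier session.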