Sunday, July 3, 2011

Ubuntu, Sguil, InstantNSM and GSE Lab Prep

Last week I discussed Sguil and I was going to do a post on getting Sguil running on Ubuntu. Like most good plans, mine fell apart. To start with, I changed what I intended to blog about late in the game, then ran out of time.

My plan now is to include using InstantNSM and the Sguil packages to get a Network Security Monitoring (NSM) system up quickly. In order to do this I have to modify InstantNSM to "support" Debian-based systems. This modification will be made and tested over the next month or so. I have contacted the developer of InstantNSM to see about adding support for Ubuntu.

On the GSE Lab front I have spent time building the lab, started to read the Wireshark Network Analysis book, and spent some time reviewing network traffic (outside of my day job, of course). As I spend more time with packet captures, I am becoming more proficient at writing filters in tcpdump and Wireshark.

Next week I am going on a short three-day trip with the wife and friends, so I probably won't get a chance to post anything new, but you never know.
