Sagan 0.2.2 Released.


Champ Clark III

Aug 20, 2012, 11:33:44 AM8/20/12
to sagan...@googlegroups.com, pauld...@pdc-mail.pauldotcom.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sagan version 0.2.2 has been released
=====================================
Champ Clark III [ccl...@quadrantsec.com]
Quadrant Main Site: http://www.quadrantsec.com
Sagan Main Site: http://sagan.quadrantsec.com

What is Sagan?
- --------------

Sagan is an open source (GNU/GPLv2) high performance, real time log
analysis & correlation engine. It's written in C and uses a
multithreaded architecture to deliver high performance log & event
analysis. Sagan rules and structure work similarly to Sourcefire's
"Snort" IDS engine. This is done to maintain compatibility with rule
management software (oinkmaster/pulledpork/etc) and allows Sagan the
ability to correlate log events with your Snort IDS/IPS system.
Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2 or direct SQL access, it's compatible with all
Snort "consoles". For example, Sagan works fine with Snorby
[http://www.snorby.org], Sguil
[http://sguil.sourceforge.net] and the Prelude IDS framework! For more
information, please visit the Sagan web site:

http://sagan.quadrantsec.com.

What's new in Sagan?
- --------------------

- - This release is largely a bug fix for the Sagan "after:" directive.
Older versions of Sagan (0.2.1--) incorrectly handled the "after:"
flag/directive. New versions of the Sagan rules make heavy use of
"after:". In one week we'll be pushing out a major rule set update.
This new rule update will potentially break 0.2.1-- clients. Please
upgrade ASAP.

- - Added content negation at the request of DigAngel. This means you
can do things like:

content: "Find this"; content: ! "But don't find this";

- - Several other minor bug fixes.

What's in the future for Sagan?
- -------------------------------

- - New pre-processors for log analysis for better anomaly detection.
- - Better multi-CPU support on CPU intensive operations.

Where's an online demo?
- -----------------------

For an online demo of Sagan and Snorby in action, please go to:

http://demo.snorby.org
Username: de...@snorby.org
Password: snorby

You'll notice the "Sagan" sensor online and reporting log data.

Question/Comments:
- ------------------

General questions about Sagan should be directed to the Sagan mailing
list. That is located at http://groups.google.com/group/sagan-users.
Author specific questions should be directed to Champ Clark III
(ccl...@quadrantsec.com).

Thank you!


- --
- - Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJQMljYAAoJENnmXt7Lmc3Ku60H/RLb+V4PfoVHjtOo5ZktqVbn
fXFeXw3QqGJWlEUhw1EMEgX1J6YvaXjn2iW8iHCd/6mpzucYQs5qpxUjPPUi41c6
Fu2kLJV7fm2oihpMiEZJ9aBsJxZg4pPl5mh3VViCtwhcL9q2PRB/h6QiMTq/qJKv
/wTQn5GVFa6DTYQ1/ezDdUn9lf/iDrbrajiZ18xQGyyKreE5Svh2XmOUz+6Idz+y
O00Y1aaQLw7r/GGxVh7+p+VH67m2mVRbK/RP9KgjYRPPa2B/c0CDashL2Z9/0DOQ
mMA0jRuZzFct1XV6/JODcVh4XOYq7h5YrdFpu4NovYGW1beCbGkAFJFt7Y2YplE=
=QS2K
-----END PGP SIGNATURE-----
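The announcement's content-negation example (`content: "Find this"; content: ! "But don't find this";`) describes the semantics but does not show how such a rule behaves against actual log lines. The following is an added illustration, not Sagan's own code and not from the author of the post: a small Snort/Sagan-style evaluator that parses the `content:` options out of a rule and applies the rule to constructed log lines. It implements only what the post states (a rule fires when every positive `content:` string is present and no negated one is); the regex, the function names and the sample sshd-style lines are all assumptions made for this example, and real engines carry further modifiers (such as Snort's `nocase`) that are deliberately left out.

```python
"""Snort/Sagan-style "content:" evaluation with negation (added example).

Not Sagan code. Implements only the semantics described in the 0.2.2
announcement: a rule matches a log line when every positive content:
string is present and no negated (content: ! "...") string is present.
Matching is a plain case-sensitive substring test; modifiers such as
nocase, depth or offset are intentionally omitted.
"""
import re
from dataclasses import dataclass
from typing import List

# One content option: "content", optional "!" for negation, a double-quoted
# string (with \" and \\ escapes allowed inside), terminated by ";".
# This regex is an assumption for the example, not Sagan's parser.
_CONTENT_RE = re.compile(r'content\s*:\s*(!?)\s*"((?:[^"\\]|\\.)*)"\s*;')


@dataclass(frozen=True)
class ContentOption:
    pattern: str   # the literal text to look for
    negated: bool  # True for content: ! "..."


def parse_content_options(rule_options: str) -> List[ContentOption]:
    """Extract every content: option from a Snort-style rule option string."""
    options = []
    for neg, raw in _CONTENT_RE.findall(rule_options):
        pattern = re.sub(r'\\(.)', r'\1', raw)  # undo \" and \\ escapes
        options.append(ContentOption(pattern, neg == "!"))
    if not options:
        raise ValueError("rule has no content: option")
    return options


def rule_matches(options: List[ContentOption], line: str) -> bool:
    """True when all positive contents are present and no negated one is."""
    for opt in options:
        found = opt.pattern in line
        # A positive content that is missing, or a negated content that is
        # present, both defeat the rule; any other combination passes.
        if found == opt.negated:
            return False
    return True


def run_rule(rule_options: str, log_lines: List[str]) -> List[str]:
    """Return the subset of log_lines that the rule's content options select."""
    options = parse_content_options(rule_options)
    return [line for line in log_lines if rule_matches(options, line)]


# Constructed sample log lines for the demonstration (not real Sagan output).
SAMPLE_LOGS = [
    "sshd[1234]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "sshd[1235]: Failed password for invalid user admin from 10.0.0.6 port 22 ssh2",
    "sshd[1236]: Accepted password for bob from 10.0.0.7 port 22 ssh2",
]

# Hypothetical rule options in the style of the announcement: alert on
# failed logins for accounts that do exist, ignoring the "invalid user" noise.
EXAMPLE_RULE = 'content: "Failed password"; content: ! "invalid user";'


if __name__ == "__main__":
    for hit in run_rule(EXAMPLE_RULE, SAMPLE_LOGS):
        print("ALERT:", hit)
```

The two-sided check in `rule_matches` is the whole point of negation: without the `!` form, suppressing the "invalid user" variant would need a second rule or a pass/drop list in front of the engine, whereas with it the exclusion lives in the same rule as the match.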