|Sagan 0.2.2 Released.||Da Beave||8/20/12 8:33 AM|
-----BEGIN PGP SIGNED MESSAGE-----
Sagan version 0.2.2 has been released
Champ Clark III [ccl...@quadrantsec.com]
Quadrant Main Site: http://www.quadrantsec.com
Sagan Main Site: http://sagan.quadrantsec.com
What is Sagan?
Sagan is an open source (GNU/GPLv2) high performance, real time log
analysis & correlation engine. It's written in C and uses a
multithreaded architecture to deliver high performance log & event
analysis. Sagan rules and structure work similar to Sourcefires
?Snort? IDS engine. This is done to maintain compatibility with rule
management software (oinkmaster/pulledpork/etc) and allows Sagan the
ability to correlate log events with your Snort IDS/IPS system.
Since Sagan can write to Snort IDS/IPS databases via
unified2/barnyard2 or direct SQL access, it's compatible with all
Snort ?consoles?. For example, Sagan works fine with Snorby
[http://sguil.sourceforge.net] and the Prelude IDS framework! For more
information, please visit the Sagan web site:
What's new in Sagan?
- - This release is largely a bug fix for the Sagan "after:" directive.
Older verions of Sagan (0.2.1--) incorrectly handled the "after:"
flag/directive. New versions of the Sagan rules make heavy use of
"after:". In one week we'll be pushing out a major rule set update.
This new rule update will potentially break 0.2.1-- clients. Please
- - Added content negation at the request of DigAngel. This means you
can do things like:
content: "Find this"; content: ! "But don't find this";
- - Several other minor bug fixes.
What's in the future for Sagan?
- - New pre-processors for log analysis for better anomaly detection.
- - Better multi-CPU support on CPU intensive operations.
Where's an online demo?
For an online demo of Sagan and Snorby in action, please go to:
You'll notice the ?Sagan? sensor online and reporting log data.
General questions about Sagan should be direct to the Sagan mailing
list. That is located at http://groups.google.com/group/sagan-users.
Author specific questions should be directed to Champ Clark II
- - Champ Clark III (ccl...@quadrantsec.com)
Quadrant Information Security (http://quadrantsec.com)
Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----