Squert and Sguil Database and Squert Graph?
bug...@gmail.com
I have been using Squert to classify my events, but noticed that when I go to Sguil those events are still there...
I have basically spent the last hour clearing all my events in Squirt but 2 I wanted to investigate... Went to Sguil and ... horror! 3000+ events still there!
I made sure to change the date range in Squert to see all events still left in the queue.
I thought Sguil and Squert were sharing the same Database, am I mistaken?
Have I just forgot to press a magic key in Sguil so my work in Squert gets reflected?
Also, whilst looking for an answer to the above quesitons, I came accross Doug's great series of blog post on Sguil and Squert... it is quite old (from 2011) and in the part 4 there is a great looking graph from Squert, has this option disapeared from the new version?
It looked so cool... kind of Malego :o)
Thanks,
Bugs.
bug...@gmail.com
http://blog.securityonion.net/2011/01/introduction-to-sguil-and-squert-part-4.html
bug...@gmail.com
I have noticed I didn't go far enough in the Squert timeline, so am working on this now. Sguil might have displayed those older events..
I am still keeping that thread because of the question on the Squert Graph...
Doug Burks
> Also, whilst looking for an answer to the above quesitons, I came accross Doug's great series of blog post on Sguil and Squert... it is quite old (from 2011) and in the part 4 there is a great looking graph from Squert, has this option disapeared from the new version?
> It looked so cool... kind of Malego :o)
--
Doug Burks
bug...@gmail.com
> The old visualizations have been totally replaced by the new visualizations.
Fair enough, and the new visualizations look much better too! (although I never used the old version) plus I guess that Maltego style graph may have not been too practical... still looked interesting though!
B.