Graph of the Week at http://qosient.com/argus

Richard Bejtlich taosecurity at gmail.com
Thu Sep 14 09:25:31 EDT 2006


On 9/14/06, Olaf Gellert <olaf.gellert at intrusion-lab.net> wrote:
> With prelude we collect SNORT data and ARGUS data
> so we can match them. This is pretty handy: For every alert from
> snort (which only lists the contents of the packet that raised the
> alert) we get additional data from argus (packet and byte count
> of the connection, start and end time of the connection). And of
> course we are especially interested in evaluating those argus
> records that have not raised a snort alert but look fishy (that gives
> way to anomaly detection). But this is still unfinished work.
>

Hi Olaf,

If you like that you should try Sguil (www.sguil.net).

While we don't support Argus records natively yet, we're looking at an
API for arbitrary data sources, like Argus (probably for Sguil 2.0).

Sincerely,

Richard
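The alert-to-flow matching Olaf describes (enrich each Snort alert with the packet/byte counts and start/end times of its connection, then look at the flows that never raised an alert) can be sketched as a small correlation script. What follows is an added example written for this page; it is not code from the original thread, nor from Prelude, Sguil or Argus. It assumes Snort "fast" alert lines, Argus records exported as `ra -u -s stime ltime proto saddr sport daddr dport spkts dpkts sbytes dbytes` (column order and epoch timestamps are assumptions), both sensors on the same clock, the year taken from the thread date, and a placeholder allowlist of expected service ports. All sample lines are constructed, and the rule IDs are local-range placeholders, not real signatures.

```python
"""Correlate Snort fast alerts with Argus flow records (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

YEAR = 2006            # assumption: fast alerts carry no year; taken from the thread date
TZ = timezone.utc      # assumption: Snort and Argus logged on the same clock/zone
EXPECTED_PORTS = {25, 53, 80, 443}   # assumption: this site's known services

# Constructed Snort `-A fast` lines; 1000001+ is the local rule range, so these are placeholders.
SNORT_ALERTS = """\
09/14-09:25:31.104233  [**] [1:1000001:1] LOCAL suspicious HTTP request [**] [Priority: 2] {TCP} 10.0.0.5:43210 -> 192.0.2.10:80
09/14-09:26:02.550001  [**] [1:1000002:1] LOCAL outbound IRC-like traffic [**] [Priority: 3] {TCP} 10.0.0.9:51000 -> 198.51.100.7:6667
09/14-09:27:15.000000  [**] [1:1000003:1] LOCAL DNS oddity [**] [Priority: 3] {UDP} 10.0.0.5:53110 -> 192.0.2.53:53
"""

# Constructed Argus records; assumed column order:
# stime ltime proto saddr sport daddr dport spkts dpkts sbytes dbytes  (times as epoch seconds, as with `ra -u`)
ARGUS_FLOWS = """\
1158225930.900 1158225934.300 tcp 10.0.0.5 43210 192.0.2.10 80 12 10 1450 8200
1158225960.100 1158226250.700 tcp 10.0.0.9 51000 198.51.100.7 6667 420 395 31000 28800
1158226034.900 1158226035.200 udp 10.0.0.5 53110 192.0.2.53 53 1 1 72 180
1158226100.000 1158229700.000 tcp 10.0.0.12 40022 203.0.113.44 4444 2100 1900 180000 90000
1158226200.000 1158226201.000 tcp 10.0.0.3 50000 192.0.2.99 445 3 0 180 0
"""

# Matches "<ts>  [**] [gid:sid:rev] msg [**] ... {PROTO} src:sport -> dst:dport"; ICMP lines (no ports) are skipped.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[A-Za-z]+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


@dataclass(frozen=True)
class Alert:
    time: datetime
    sid: int
    msg: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Flow:
    stime: datetime
    ltime: datetime
    proto: str
    saddr: str
    sport: int
    daddr: str
    dport: int
    spkts: int
    dpkts: int
    sbytes: int
    dbytes: int


def parse_alerts(text: str) -> list:
    out = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        t = datetime.strptime(f"{YEAR}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f").replace(tzinfo=TZ)
        out.append(Alert(t, int(m["sid"]), m["msg"], m["proto"].lower(),
                         m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return out


def parse_flows(text: str) -> list:
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 11:
            continue
        st, lt = (datetime.fromtimestamp(float(x), tz=TZ) for x in f[:2])
        out.append(Flow(st, lt, f[2].lower(), f[3], int(f[4]), f[5], int(f[6]),
                        int(f[7]), int(f[8]), int(f[9]), int(f[10])))
    return out


def correlate(alerts, flows, slack=timedelta(seconds=2)):
    """Pair each alert with the Argus flow that carried it: same protocol, same
    5-tuple in either direction, alert time inside [stime - slack, ltime + slack]."""
    pairs = []
    for a in alerts:
        best = None
        for f in flows:
            fwd = (a.src, a.sport, a.dst, a.dport) == (f.saddr, f.sport, f.daddr, f.dport)
            rev = (a.src, a.sport, a.dst, a.dport) == (f.daddr, f.dport, f.saddr, f.sport)
            if a.proto != f.proto or not (fwd or rev):
                continue
            if f.stime - slack <= a.time <= f.ltime + slack:
                if best is None or f.stime > best.stime:   # prefer the latest flow on that tuple
                    best = f
        pairs.append((a, best))
    return pairs


def fishy_unmatched(flows, matched, min_bytes=100_000, long_lived=timedelta(minutes=30)):
    """Flows that raised no alert but look odd by a few illustrative heuristics (assumed thresholds)."""
    out = []
    for f in flows:
        if f in matched:
            continue
        reasons = []
        if f.spkts > 0 and f.dpkts == 0:
            reasons.append("one-sided: no reply packets")
        if f.dport not in EXPECTED_PORTS and f.sbytes + f.dbytes >= min_bytes:
            reasons.append(f"{f.sbytes + f.dbytes} bytes to unexpected port {f.dport}")
        if f.ltime - f.stime >= long_lived:
            reasons.append("long-lived connection")
        if reasons:
            out.append((f, reasons))
    return out


def run():
    alerts, flows = parse_alerts(SNORT_ALERTS), parse_flows(ARGUS_FLOWS)
    pairs = correlate(alerts, flows)
    matched = {f for _, f in pairs if f is not None}
    return pairs, fishy_unmatched(flows, matched)


if __name__ == "__main__":
    pairs, fishy = run()
    for a, f in pairs:
        if f is None:
            print(f"sid {a.sid}: no matching flow")
            continue
        print(f"sid {a.sid} {a.msg!r}: pkts={f.spkts + f.dpkts} bytes={f.sbytes + f.dbytes} "
              f"start={f.stime.time()} end={f.ltime.time()} dur={(f.ltime - f.stime).total_seconds():.1f}s")
    for f, reasons in fishy:
        print(f"no alert: {f.saddr}:{f.sport} -> {f.daddr}:{f.dport} ({'; '.join(reasons)})")
```

The time window with `slack` matters in practice: Snort stamps the packet that fired, while Argus closes a record on its own timer, so a strict containment test will drop alerts that land on the boundary of a record.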


