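From the official Sagan website: https://quadrantsec.com/services_technology/product_technology/

Sagan is a multi-threaded, real-time security information and event management (SIEM) analysis engine. It is very similar to Snort and can use Snort rules; it includes more than 7,500 attack signatures for detecting attacks.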

Furthermore, the Sagan console also has these unique features:

QSearch - Allows the customer to be able to search through their logs, and provides faster results than searching logs themselves or waiting on results from analysts. All of the data is indexed allowing for expedited searches. Tested results thus far have shown that the new search algorithms are even capable of processing more data in less time. This functionality was built in-house allowing for constant growth and future add-ons.

Reporting - The new report tool is a web application that provides customizable report generation using modular tools. Customers will be able to identify the sets of data that they are most interested in, quickly create various data visualizations, and save their favorite templates to their report dashboard. You can access our reporting tools from the Sagan console.

Reputation Database - Quadrant has accumulated, and continues to pursue, information regarding numerous malicious IP addresses. Threats validated by security analysts, and the associated sources of those threats, are "injected" into a reputation database. Addresses placed into the reputation database will be immediately accessible to a Sagan API, enabling Sagan to more quickly identify threats from the known malicious sources.

Threat Intelligence (Bluedot) - Threat intelligence is one of the big buzzwords in InfoSec today. Where many organizations fall short, however, is in understanding what intelligence is and how it should be leveraged. Intelligence is a product resulting from the collection, exploitation, and analysis of information which is used to support decision making by reducing uncertainty. Intelligence must be actionable, relevant, and timely. Blacklists do not provide context with respect to industries, attacker TTPs, or the ability to identify trends or forecast threats, whereas intelligence does. Intelligence helps determine "Why", "So what", and "What next," among other things. Quadrant understands what threat intelligence is, and is currently engaged in developing a robust intelligence platform designed to support the tactical, operational, and strategic goals of your organization.

What does Quadrant use Sagan for?

Quadrant utilizes the product in-house to manage our 24/7 Managed IDS / IPS services for customers. We also provide the Sagan software (command line version / Open Source) to the security community. Sagan has the capability to manage events from the following assets:

  • Routers (Cisco, etc)
  • Managed network switches
  • Firewalls (Sonicwall, Fortigate, etc)
  • IDS/IPS systems (Cisco, Fortigate, etc)
  • Linux and Unix systems (services, kernel messages, etc)
  • Windows based networks (Event logs, etc)
  • Wireless access points (Cisco, D-Link, etc)
  • Host based IDS systems (HIDS) (AIDE, OSSEC, etc)
  • Detection of rogue devices on networks (via Arpalert, etc)
  • Much, much more…

Sagan gives us a broad range of devices, services, applications that we can monitor. For example, if your organization is a "Cisco shop" and you don't want to deploy Snort based IDS/IPS sensors, it really doesn't matter to our staff. We can monitor the Cisco devices just as we would a Snort based IDS/IPS solution.
