来自Sagan官网:https://quadrantsec.com/services_technology/product_technology/

Sagan是一个多线程的,实时的安全信息事件管理分析软件,它跟Snort很像,并且它能够使用Snort的规则,包含7500多个攻击特征,用来检测攻击。

Furthermore, the Sagan console also has these unique features:

QSearch -  Allows the customer to be able to search through their logs, and provides faster results than searching logs themselves or waiting on results from analysts. All of the data is indexed allowing for expedited searches. Tested results thus far have shown that the new search algorithms are even capable of processing more data in less time. This functionality was built in-house allowing for constant growth and future add-ons.

Reporting - The new report tool is a web application that provides customizable report generation using modular tools. Customers will be able to identify the sets of data that they are most interested in, quickly create various data visualizations, and save their favorite templates to their report dashboard. You can access our reporting tools from the Sagan console.

Reputation Database - Quadrant has accumulated, and continues to pursue, information regarding numerous malicious IP addresses. Threats validated by security analysts, and the associated sources of those threats, are "injected" into a reputation database. Addresses placed into the reputation database will be immediately accessible to a Sagan API, enabling Sagan to more quickly identify threats from the known malicious sources.

Threat Intelligence (Bluedot) - Threat intelligence is one of the big buzzwords in InfoSec today. Where many organizations fall short, however, is in understanding what intelligence is and how it should be leveraged. Intelligence is a product resulting from the collection, exploitation, and analyses of information which is used to support decision making by reducing uncertainty. Intelligence must be actionable, relevant, and timely. Blacklists do not provide context with respect to industries, attacker TTP's, or the ability to identify trends or forecast threats, whereas intelligence does. Intelligence helps determine "Why", "So what", and "What next,” among other things. Quadrant understands what threat intelligence is, and is currently engaged in developing a robust intelligence platform designed to support the tactical, operational, and strategic goals of your organization.

What does Quadrant use Sagan for?

Quadrant utilizes the product in-house to manage our 24/7 Managed IDS / IPS services for customers. We also provide the Sagan software (command line version / Open Source) to the security community. Sagan has the capability to manage events from the following assets:

  • -Routers (Cisco, etc)
  • -Managed network switches
  • -Firewalls (Sonicwall, Fortigate, etc)
  • -IDS/IPS systems (Cisco, Fortigate, etc)
  • -Linux and Unix systems (services, kernel messages, etc)
  • -Windows based networks (Event logs, etc)
  • -Wireless access points (Cisco, D-Link, etc)
  • -Host based IDS systems (HIDS) ( AIDEOSSEC, etc)
  • -Detection of rogue devices on networks (via Arpalert, etc)
  • -Much, much more…..Sagan gives us a broad range of devices, services, applications that we can monitor. For example, if your organization is a "Cisco shop" and you don't want to deploy Snort based IDS/IPS sensors, it really doesn't matter to our staff. We can monitor the Cisco devices just as we would a Snort based IDS/IPS solution.

Snort

Sagan的更多相关文章

  1. SAGAN:Self-Attention Generative Adversarial Networks - 1 - 论文学习

    Abstract 在这篇论文中,我们提出了自注意生成对抗网络(SAGAN),它是用于图像生成任务的允许注意力驱动的.长距离依赖的建模.传统的卷积GANs只根据低分辨率图上的空间局部点生成高分辨率细节. ...

  2. 开源项目大全 >> ...

    http://www.isenhao.com/xueke/jisuanji/kaiyuan.php   监控系统-Nagios 网络流量监测图形分析工具-Cacti 分布式系统监视-zabbix 系统 ...

  3. LogLog

    https://github.com/rsyslog https://github.com/beave/sagan http://www.securitywarriorconsulting.com/l ...

  4. 一个不错的文章-【原创】2014年信息安全产品及厂家分类-SOC&SIEM安全厂家 | Srxh1314

    转载:http://www.srxh1314.com/2014-sec-company-soc-siem.html http://www.bugsec.org/1598.html http://www ...

  5. Dual Attention Network for Scene Segmentation

    Dual Attention Network for Scene Segmentation 原始文档 https://www.yuque.com/lart/papers/onk4sn 在本文中,我们通 ...

  6. Generative Adversarial Nets[content]

    0. Introduction 基于纳什平衡,零和游戏,最大最小策略等角度来作为GAN的引言 1. GAN GAN开山之作 图1.1 GAN的判别器和生成器的结构图及loss 2. Condition ...

  7. 语义分割之Dual Attention Network for Scene Segmentation

    Dual Attention Network for Scene Segmentation 在本文中,我们通过 基于自我约束机制捕获丰富的上下文依赖关系来解决场景分割任务.       与之前通过多尺 ...

  8. 002-MVC架构,贫血的领域模型、spring mvc,webhars使用

    一.MVC.贫血的领域模型 MVC理念是将视图与模型进行解耦. 贫血的领域模型 <领域驱动设计>定义了一组架构规则,能够指导我们更好地将业务领域集成到代码中. 其中一个核心理念是将面向对象 ...

  9. Linux,IDS入侵防御系统

    https://www.comparitech.com/net-admin/network-intrusion-detection-tools/11 2018年的顶级入侵检测工具 https://op ...

随机推荐

  1. Python导入不同文件夹下模块

    import os.path as osp import sys def add_path(path): if path not in sys.path: sys.path.insert(0, pat ...

  2. python 模块中__all__作用

    test.py文件开头写上__all__=[func1,func2] 当其他文件导入  from test import * 只会导出"[func1,func2]"里面的,其他调用 ...

  3. src.rpm包安装方法

    有些软件包是以.src.rpm结尾的,这类软件包是包含了源代码的rpm包,在安装时需要进行编译.这类软件包有多种安装方法,以redhat为例说明如下: 注意: 如果没有rpmbuild可以从系统安装光 ...

  4. ASP.NET动态网站制作(24)-- ADO.NET(3)

    前言:ADO.NET的第三节课.今天主要讲SQL Helper. 内容: 1.DataReader和DataSet的区别: (1)DataReader是一行一行地读,且只能向前读:DataSet是一次 ...

  5. c++通过类名动态创建对象

    转载:http://www.seacha.com/article.php/knowledge/cbase/2013/0615/2154.html 主要思想:在每次创建类的过程中,通过各自类的辅助类(所 ...

  6. OC对象给分类加入属性

    OC对象中不能给分类加入属性.可是在实际开发中.常常为了更好的性能须要给分类加入属性,那么 加入的属性不能有默认的成员变量.须要我们自己实现set和get方法,要用到执行时 例如以下: #import ...

  7. angularjs 遇见$scope,xxx=function()报错为该函数未定义

    本包子今天遇见一个问题,就是明明写了$scope,xx=function()但是报错了,报错显示是该函数未定义,我就很着急的先将函数写成一个全局函数,就没问题,等下午有空的时候寻思了一下,为什么全局就 ...

  8. golang 面向对象

    深入理解GO语言的面向对象_Golang_脚本之家 https://www.jb51.net/article/94030.htm 深入理解GO语言的面向对象 更新时间:2016年10月04日 10:4 ...

  9. <2013 12 17> 专业技能

    Specialties: • Mechanical design modeling using Pro/ENGINEER and SolidWorks.• Robot control, path pl ...

  10. 常用代码块:java使用系统浏览器打开url

    方法一:用于windows try { Runtime.getRuntime().exec("rundll32 url.dll,FileProtocolHandler "+url) ...