Sagan
From the Sagan website: https://quadrantsec.com/services_technology/product_technology/
Sagan is a multi-threaded, real-time security information and event management (SIEM) analysis engine. It works much like Snort and can use Snort rules, with more than 7,500 attack signatures, to detect attacks in log data.
Furthermore, the Sagan console also has these unique features:
QSearch - Allows customers to search through their own logs and get results faster than by searching the logs manually or waiting on results from analysts. All of the data is indexed, which speeds up searches. Testing so far has shown that the new search algorithms can process more data in less time. This functionality was built in-house, allowing for constant growth and future add-ons.
Reporting - The new report tool is a web application that provides customizable report generation using modular tools. Customers will be able to identify the sets of data that they are most interested in, quickly create various data visualizations, and save their favorite templates to their report dashboard. You can access our reporting tools from the Sagan console.
Reputation Database - Quadrant has accumulated, and continues to pursue, information regarding numerous malicious IP addresses. Threats validated by security analysts, and the associated sources of those threats, are "injected" into a reputation database. Addresses placed into the reputation database will be immediately accessible to a Sagan API, enabling Sagan to more quickly identify threats from the known malicious sources.
Threat Intelligence (Bluedot) - Threat intelligence is one of the big buzzwords in InfoSec today. Where many organizations fall short, however, is in understanding what intelligence is and how it should be leveraged. Intelligence is a product resulting from the collection, exploitation, and analysis of information, used to support decision making by reducing uncertainty. Intelligence must be actionable, relevant, and timely. Blacklists do not provide context with respect to industries or attacker TTPs, nor the ability to identify trends or forecast threats, whereas intelligence does. Intelligence helps determine "Why", "So what", and "What next", among other things. Quadrant understands what threat intelligence is, and is currently engaged in developing a robust intelligence platform designed to support the tactical, operational, and strategic goals of your organization.
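To make the two core ideas above concrete, namely Snort-style rules applied to log lines and a reputation database consulted on every match, here is an added illustration (not Sagan's own code; the rule subset, the syslog layout, the log lines and the reputation entries are all constructed for the example). A rule fires when its program and content options match a parsed syslog event, and any address in that event found in the reputation set raises the alert's priority.

```python
import re

# Constructed syslog-style lines for the demonstration (not captured data).
SAMPLE_LOGS = [
    "Mar 10 12:00:01 host1 sshd[2231]: Failed password for root from 203.0.113.7 port 51422 ssh2",
    "Mar 10 12:00:02 host1 sshd[2231]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2",
    "Mar 10 12:00:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=445",
]

# Constructed reputation list: addresses an analyst previously validated as malicious.
REPUTATION_DB = {"203.0.113.7"}

# Snort-style rules in a reduced form; only the msg, program, content and sid options are understood here.
RULES = [
    'alert syslog any any -> any any (msg:"SSH failed root login"; program:sshd; content:"Failed password for root"; sid:1000001;)',
    'alert syslog any any -> any any (msg:"Firewall dropped inbound packet"; program:kernel; content:"DROP IN="; sid:1000002;)',
]

SYSLOG_RE = re.compile(r'^\w{3}\s+\d+ \d\d:\d\d:\d\d (?P<host>\S+) (?P<program>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$')
IP_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

def parse_rule(text):
    """Extract the option block of a rule into a dict; the header before '(' is ignored."""
    body = text[text.index('(') + 1:text.rindex(')')]
    return dict(re.findall(r'(\w+):"?([^;"]*)"?;', body))

def match_rule(rule, line, rep_db):
    """Return an alert dict if the rule fires on this line, otherwise None."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    if 'program' in rule and m['program'] != rule['program']:
        return None
    if 'content' in rule and rule['content'] not in m['msg']:
        return None
    ips = IP_RE.findall(m['msg'])
    hit = any(ip in rep_db for ip in ips)  # reputation lookup on every address in the event
    return {"sid": int(rule['sid']), "msg": rule['msg'], "host": m['host'],
            "ips": ips, "priority": "high" if hit else "normal"}

def scan(lines, rules, rep_db):
    """Run every parsed rule over every line and collect the alerts in log order."""
    parsed = [parse_rule(r) for r in rules]
    alerts = []
    for line in lines:
        for rule in parsed:
            alert = match_rule(rule, line, rep_db)
            if alert is not None:
                alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS, RULES, REPUTATION_DB):
        print(alert)
```

The accepted-publickey line produces no alert, while the failed root login is escalated because its source address is in the reputation set.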
What does Quadrant use Sagan for?
Quadrant utilizes the product in-house to manage our 24/7 Managed IDS / IPS services for customers. We also provide the Sagan software (command line version / Open Source) to the security community. Sagan has the capability to manage events from the following assets:
- Routers (Cisco, etc.)
- Managed network switches
- Firewalls (SonicWall, Fortigate, etc.)
- IDS/IPS systems (Cisco, Fortigate, etc.)
- Linux and Unix systems (services, kernel messages, etc.)
- Windows-based networks (event logs, etc.)
- Wireless access points (Cisco, D-Link, etc.)
- Host-based IDS systems (HIDS) (AIDE, OSSEC, etc.)
- Detection of rogue devices on networks (via Arpalert, etc.)
- Much, much more.
Sagan gives us a broad range of devices, services and applications that we can monitor. For example, if your organization is a "Cisco shop" and you don't want to deploy Snort-based IDS/IPS sensors, it really doesn't matter to our staff. We can monitor the Cisco devices just as we would a Snort-based IDS/IPS solution.