We have finished up our first round of testing against the modified version of the Sguil client (we have modified the 0.7.0 CVS version). Using the alert information displayed in the Sguil client we create a query and feed it into the NetWitness API through a vbscript which calls explorer.exe and passes it a NetWitness [...]
|
||||||
|
We will be deploying NetWitness soon and we have been looking for how to leverage it for the packet capture portion of our new centralized Sguil deployment instead of sancp or daemonlogger. We have come up with a way, all be it a bit hackish, of modifying the Sguil client to allow you to view [...] We really do love Sguil, but the client and server lack a few desirable things. As far as I can tell, there is only one SQL connection shared between the server and all the clients connecting to it. Obviously if someone runs a SANCP query that is a little over the top, until it comes back [...] If you have ever tried to use the Sguil client’s reverse DNS under the IP Resoluation tab and noticed that it caused the application to be unresponsive, here is the reason why. Tcl uses TCP for DNS by default. So if your DNS server does not allow TCP DNS, the client just sits there endlessly [...] |
||||||
|
Copyright © 2010 Trojaned Binaries - All Rights Reserved |
||||||