
Blog

Sagan rule update!

Posted by Champ Clark on November 07, 2018

This is a large rule update which is long overdue. This rule update improves the detection, accuracy and performance of Sagan. For more information about Sagan see:

https://quadrantsec.com/sagan_log_analysis_engine/

* Sagan Rule ChangeLog - 2018/11/08

* New watchguard.rules!  https://github.com...

Posted in Announcements

Sagan version 1.2.1 released!

Posted by Champ Clark on November 07, 2018

Quadrant Information Security is proud to release the Sagan (GPLv2/Open Source) log analysis engine version 1.2.1! Please keep in mind that if you are upgrading from an older version of Sagan, you will need to remove old IPC data as 1.2.1 is not compatible with older Sagan IPC data.

For more information about Sagan, ...

Posted in Announcements

Quadrant’s public DNS resolver with TLS & HTTPS support.

Posted by Champ Clark on October 29, 2018

Quadrant Information Security now offers “DNS over TLS” and “DNS over HTTPS” to the general public. Why is this important? When using services like Google’s public DNS (8.8.8.8 and 8.8.4.4) or your ISP’s DNS servers, the traffic is sent unencrypted.  This means that the requests are subject to DNS hijacking, and...

Posted in Announcements

Using Jack Crook’s log analysis concepts with Sagan

Posted by Champ Clark on January 07, 2018

* Note: This blog was updated Jan 30th, 2018. We've updated some of the rules after testing in production environments. Rules that do not have updates are considered stable and already providing value.

Several months ago I started following a fellow "log junkie" on Twitter named Jack Crook (Twitter: @jackcr).  ...

Posted in Announcements

Sagan Technology Latest Release Includes Malware Detonation

Posted by Kat Casey on September 05, 2017

JACKSONVILLE, Fla., Sep 05, 2017 (BUSINESS WIRE) -- Quadrant Information Security announces the next release of their Sagan Technology, which will include a new Malware Detonation component. This release will allow Sagan sensors the ability to extract files traversing the customer infrastructure, and detonate these files in a secure off-premise cloud environment.

“Adversaries are getting smarter and it...

Sagan “global” xbits.  Escaping the island.

Posted by Champ Clark on July 11, 2017

Early in the development of Sagan “xbits,” we noticed a couple of limitations.

For one, Sagan didn’t have the ability to “remember” xbits between process restarts, meaning that all the data Sagan had been collecting (xbits, threshold, etc.) would be lost during a reboot or process restart.

The...

Posted in Announcements

New features in the release of our Sagan 3.0.1

Posted by Kat Casey on March 29, 2017

Here are some of the cool, new features in our recent Sagan 3.0.1 release this week. 

E-mail format changes: 

We have made some minor modifications to our alert e-mail format. The new format features the more important alert data toward the top of the e-mail. This change was initiated based on client feedback...
Posted in Announcements

Sagan 3.0: New Features & Functionality

Posted by Kat Casey on November 29, 2016

We have been working on Sagan 3.0 for several months now, and wanted to share with you some of the new features and functionality that you will experience in the console and via Quadrant support.

Some of the new UI/UX feature updates include:

New framework being used, which provides more security in production, and...

Dynamic Rules with Sagan.

Posted by Champ Clark on November 14, 2016

One of the biggest problems faced with log monitoring is ensuring that the proper rules are loaded. Just like with packet based IDS systems, during the installation and setup process, you typically enable the rules that you think are relevant to your environment. The problem is, environments change over time and we might neglect to go back and determine...