Get a high performance, real-time log analysis & correlation engine
Sagan is an open source (GNU/GPLv2) high performance, real-time log analysis & correlation engine that runs under *nix operating systems (Linux/FreeBSD/OpenBSD/etc.). It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. Sagan's structure and rules work similarly to the Sourcefire/Cisco Snort or Suricata IDS/IPS engines.
Sagan maintains compatibility with rule management software (oinkmaster/pulledpork/etc.) and can correlate log events with your Snort/Suricata IDS/IPS system.
Sagan supports many different output formats, log normalization (via http://www.liblognorm.com), script execution on event detection, GeoIP detection/alerting, multi-line log support, time sensitive alerting and much more.
Most systems can send logs over protocols like syslog; for Microsoft Windows, you can use software like NXLog to forward Windows event logs to Sagan.
The development of Sagan is sponsored by the Quadrant Information Security team.
For more detailed information, visit the Sagan "Read The Docs" page at https://sagan.readthedocs.org
Download Sagan – https://download.quadrantsec.com
Download Sagan Rules – https://rules.quadrantsec.com
Sagan on Github – https://github.com/quadrantsec/sagan
Sagan Documentation – https://sagan.readthedocs.org
Issues & Bugs – https://github.com/quadrantsec/sagan/issues
Sagan Mailing List – https://groups.google.com/g/sagan-users
A healthcare client needed to reassess their security strategy around compliance, monitoring, and remote work.
The customer needed to replace a SIEM product and outsource their network security monitoring.
They received a complete security solution that reduced the burden on their staff so they could focus on activities more essential to the firm.