Discussion:
[Sguil-devel] Test Scripts for Generating Sguil Events
Dave Crawford
2011-06-08 23:33:06 UTC
Does anyone have some scripts or test rigs for quickly generating a large number of events in Sguil?

-Dave
Jim Chrisos
2011-06-09 13:29:58 UTC
No, but I'd just write a snort rule that basically fires on anything if I
wanted to feed it a bunch of events. Not sure if that would fit with what
you're trying to do but thought I'd throw that out there.
Post by Dave Crawford
Does anyone have some scripts or test rigs for quickly generating a large
number of events in Sguil?
-Dave
_______________________________________________
Sguil-devel mailing list
https://lists.sourceforge.net/lists/listinfo/sguil-devel
Dave Crawford
2011-06-09 13:58:10 UTC
Thanks Jim. I'm looking to quickly generate around 700 uncategorized distinct events for display in the client. Like you, I created custom snort rules to fire on almost anything, but that only produces a few events (but with a high count) in the client.

-Dave
No, but I'd just write a snort rule that basically fires on anything if I wanted to feed it a bunch of events. Not sure if that would fit with what you're trying to do but thought I'd throw that out there.
Does anyone have some scripts or test rigs for quickly generating a large number of events in Sguil?
-Dave
Eoin Miller
2011-06-09 17:29:54 UTC
Post by Dave Crawford
Thanks Jim. I'm looking to quickly generate around 700 uncategorized
distinct events for display in the client. Like you, I created custom
snort rules to fire on almost anything, but that only produces a few
events (but with a high count) in the client.
-Dave
mysqldump from another install or just reprocessing unified2 output
files in batch mode with barnyard2 in order to populate a new test database?

-- Eoin
Eoin Miller
2011-06-09 17:32:37 UTC
Post by Eoin Miller
Post by Dave Crawford
Thanks Jim. I'm looking to quickly generate around 700 uncategorized
distinct events for display in the client. Like you, I created custom
snort rules to fire on almost anything, but that only produces a few
events (but with a high count) in the client.
-Dave
mysqldump from another install or just reprocessing unified2 output
files in batch mode with barnyard2 in order to populate a new test database?
-- Eoin
Forgot to add things like snot and stick. They create packets that should
trigger alerts based on your Snort rules.

http://www.securityfocus.com/tools/1974
http://www.securityfocus.com/tools/1983

-- Eoin
