sagan-rules_10222015-0.1_all.deb


Description

sagan-rules - Real-time System & Event Log Monitoring System [rules]

Distribution: Ubuntu 16.04 LTS (Xenial Xerus)
Repository: Ubuntu Universe i386
Package name: sagan-rules
Package version: 10222015
Package release: 0.1
Package architecture: all
Package type: deb
Installed size: 2.67 KB
Download size: 179.71 KB
Official Mirror: archive.ubuntu.com
Sagan is a multi-threaded, real-time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort”-like rule set for detecting malicious events happening on your network and/or computer systems. If Sagan detects a potentially bad event, that event can be stored in a Snort database (MySQL/PostgreSQL), sent to a SIEM tool like Prelude, or reported by email. This package provides the rules for Sagan.

    Download

    Source package: sagan-rules

    Install Howto

    1. Update the package index:
      $ sudo apt-get update
    2. Install sagan-rules deb package:
      $ sudo apt-get install sagan-rules

    Files

    • /etc/sagan-rules/adtran.rules
    • /etc/sagan-rules/apache.rules
    • /etc/sagan-rules/apc-emu.rules
    • /etc/sagan-rules/arp-normalize.rulebase
    • /etc/sagan-rules/arp.rules
    • /etc/sagan-rules/artillery.rules
    • /etc/sagan-rules/asterisk.rules
    • /etc/sagan-rules/attack.rules
    • /etc/sagan-rules/bash.rules
    • /etc/sagan-rules/bind.rules
    • /etc/sagan-rules/blacklist.rules
    • /etc/sagan-rules/bluedot-catagories.conf
    • /etc/sagan-rules/bluedot.rules
    • /etc/sagan-rules/bonding.rules
    • /etc/sagan-rules/bro-ids.rules
    • /etc/sagan-rules/bro-intel.rules
    • /etc/sagan-rules/bro-normalize.rulebase
    • /etc/sagan-rules/cacti-thold.rules
    • /etc/sagan-rules/cisco-acs.rules
    • /etc/sagan-rules/cisco-aetas.rules
    • /etc/sagan-rules/cisco-blacklist.rules
    • /etc/sagan-rules/cisco-brointel.rules
    • /etc/sagan-rules/cisco-correlated.rules
    • /etc/sagan-rules/cisco-cucm.rules
    • /etc/sagan-rules/cisco-geoip.rules
    • /etc/sagan-rules/cisco-ios.rules
    • /etc/sagan-rules/cisco-malware.rules
    • /etc/sagan-rules/cisco-normalize.rulebase
    • /etc/sagan-rules/cisco-pixasa.rules
    • /etc/sagan-rules/cisco-prime.rules
    • /etc/sagan-rules/cisco-sdee.rules
    • /etc/sagan-rules/cisco-wlc.rules
    • /etc/sagan-rules/citrix-blacklist.rules
    • /etc/sagan-rules/citrix-bluedot.rules
    • /etc/sagan-rules/citrix-brointel.rules
    • /etc/sagan-rules/citrix-correlated.rules
    • /etc/sagan-rules/citrix-geoip.rules
    • /etc/sagan-rules/citrix-normalize.rulesbase
    • /etc/sagan-rules/citrix.rules
    • /etc/sagan-rules/classification.config
    • /etc/sagan-rules/courier-correlated.rules
    • /etc/sagan-rules/courier-geoip.rules
    • /etc/sagan-rules/courier.rules
    • /etc/sagan-rules/cylance.rules
    • /etc/sagan-rules/deleted.rules
    • /etc/sagan-rules/digitalpersona.rules
    • /etc/sagan-rules/dns-normalize.rulebase
    • /etc/sagan-rules/dovecot.rules
    • /etc/sagan-rules/fatpipe-aetas.rules
    • /etc/sagan-rules/fatpipe-correlated.rules
    • /etc/sagan-rules/fatpipe-geoip.rules
    • /etc/sagan-rules/fatpipe.rules
    • /etc/sagan-rules/fortinet-aetas.rules
    • /etc/sagan-rules/fortinet-correlated.rules
    • /etc/sagan-rules/fortinet-geoip.rules
    • /etc/sagan-rules/fortinet-malware.rules
    • /etc/sagan-rules/fortinet-normalize.rulebase
    • /etc/sagan-rules/fortinet.rules
    • /etc/sagan-rules/ftpd.rules
    • /etc/sagan-rules/gen-msg.map
    • /etc/sagan-rules/grsec.rules
    • /etc/sagan-rules/honeyd.rules
    • /etc/sagan-rules/hordeimp.rules
    • /etc/sagan-rules/hostapd.rules
    • /etc/sagan-rules/huawei.rules
    • /etc/sagan-rules/imap-normalize.rulebase
    • /etc/sagan-rules/imapd-correlated.rules
    • /etc/sagan-rules/imapd-geoip.rules
    • /etc/sagan-rules/imapd.rules
    • /etc/sagan-rules/imperva-normalize.rulebase
    • /etc/sagan-rules/ipop3d.rules
    • /etc/sagan-rules/juniper-aetas.rules
    • /etc/sagan-rules/juniper-geoip.rules
    • /etc/sagan-rules/juniper.rules
    • /etc/sagan-rules/kismet.rules
    • /etc/sagan-rules/knockd.rules
    • /etc/sagan-rules/linux-kernel-normalize.rulebase
    • /etc/sagan-rules/linux-kernel.rules
    • /etc/sagan-rules/milter.rules
    • /etc/sagan-rules/mongodb.rules
    • /etc/sagan-rules/mysql.rules
    • /etc/sagan-rules/nexpose.rules
    • /etc/sagan-rules/nfcapd-malware.rules
    • /etc/sagan-rules/nfcapd-normalize.rulebase
    • /etc/sagan-rules/nfcapd.rules
    • /etc/sagan-rules/nginx.rules
    • /etc/sagan-rules/ntp.rules
    • /etc/sagan-rules/openssh-aetas.rules
    • /etc/sagan-rules/openssh-correlated.rules
    • /etc/sagan-rules/openssh-geoip.rules
    • /etc/sagan-rules/openssh-normalize.rulebase
    • /etc/sagan-rules/openssh.rules
    • /etc/sagan-rules/openvpn.rules
    • /etc/sagan-rules/oracle.rules
    • /etc/sagan-rules/ossec-mi.rules
    • /etc/sagan-rules/ossec.rules
    • /etc/sagan-rules/php.rules
    • /etc/sagan-rules/postfix.rules
    • /etc/sagan-rules/postgresql.rules
    • /etc/sagan-rules/pptp.rules
    • /etc/sagan-rules/procurve-normalize.rulebase
    • /etc/sagan-rules/procurve.rules
    • /etc/sagan-rules/proftpd-aetas.rules
    • /etc/sagan-rules/proftpd-geoip.rules
    • /etc/sagan-rules/proftpd.rules
    • /etc/sagan-rules/protocol.map
    • /etc/sagan-rules/proxy-malware.rules
    • /etc/sagan-rules/pure-ftpd.rules
    • /etc/sagan-rules/racoon.rules
    • /etc/sagan-rules/reference.config
    • /etc/sagan-rules/riverbed-aetas.rules
    • /etc/sagan-rules/riverbed-geoip.rules
    • /etc/sagan-rules/riverbed.rules
    • /etc/sagan-rules/roundcube.rules
    • /etc/sagan-rules/rsync.rules
    • /etc/sagan-rules/sagan-sid-msg.map
    • /etc/sagan-rules/samba.rules
    • /etc/sagan-rules/sendmail.rules
    • /etc/sagan-rules/smtp-normalize.rulebase
    • /etc/sagan-rules/snort-geoip.rules
    • /etc/sagan-rules/snort-normalize.rulebase
    • /etc/sagan-rules/snort.rules
    • /etc/sagan-rules/solaris.rules
    • /etc/sagan-rules/sonicwall-normalize.rulebase
    • /etc/sagan-rules/sonicwall.rules
    • /etc/sagan-rules/squid.rules
    • /etc/sagan-rules/ssh-tectia-server-aetas.rules
    • /etc/sagan-rules/ssh-tectia-server-correlated.rules
    • /etc/sagan-rules/ssh-tectia-server-geoip.rules
    • /etc/sagan-rules/ssh-tectia-server.rules
    • /etc/sagan-rules/su-normalize.rulebase
    • /etc/sagan-rules/su.rules
    • /etc/sagan-rules/symantec-ems.rules
    • /etc/sagan-rules/syslog.rules
    • /etc/sagan-rules/tcp.rules
    • /etc/sagan-rules/telnet.rules
    • /etc/sagan-rules/tripwire.rules
    • /etc/sagan-rules/vmpop3d.rules
    • /etc/sagan-rules/vmware-correlated.rules
    • /etc/sagan-rules/vmware-geoip.rules
    • /etc/sagan-rules/vmware-normalize.rulebase
    • /etc/sagan-rules/vmware.rules
    • /etc/sagan-rules/vpopmail.rules
    • /etc/sagan-rules/vsftpd-correlated.rules
    • /etc/sagan-rules/vsftpd-geoip.rules
    • /etc/sagan-rules/vsftpd.rules
    • /etc/sagan-rules/web-attack.rules
    • /etc/sagan-rules/weblabrinth.rules
    • /etc/sagan-rules/windows-aetas.rules
    • /etc/sagan-rules/windows-applocker.rules
    • /etc/sagan-rules/windows-auth.rules
    • /etc/sagan-rules/windows-blacklist.rules
    • /etc/sagan-rules/windows-bluedot.rules
    • /etc/sagan-rules/windows-brointel.rules
    • /etc/sagan-rules/windows-correlated.rules
    • /etc/sagan-rules/windows-emet.rules
    • /etc/sagan-rules/windows-geoip.rules
    • /etc/sagan-rules/windows-malware.rules
    • /etc/sagan-rules/windows-misc.rules
    • /etc/sagan-rules/windows-mssql.rules
    • /etc/sagan-rules/windows-normalize.rulebase
    • /etc/sagan-rules/windows-owa-blacklist.rules
    • /etc/sagan-rules/windows-owa-bluedot.rules
    • /etc/sagan-rules/windows-owa-brointel.rules
    • /etc/sagan-rules/windows-owa-correlated.rules
    • /etc/sagan-rules/windows-owa-geoip.rules
    • /etc/sagan-rules/windows-owa.rules
    • /etc/sagan-rules/windows.rules
    • /etc/sagan-rules/wordpress.rules
    • /etc/sagan-rules/xinetd.rules
    • /etc/sagan-rules/zeus.rules
    • /usr/share/doc/sagan-rules/changelog.Debian.gz
    • /usr/share/doc/sagan-rules/copyright

    Changelog

    2015-12-23 - Herbert Parentes Fortes Neto <hpfn@ig.com.br>
    sagan-rules (10222015-0.1) unstable; urgency=low
      * Non-maintainer upload.
      * New upstream release. (Closes: #681792). Thanks Micah Anderson.
      * debian/control:
        - Bumped Standards-Version to 3.9.6.
      * debian/rules:
        - *.map *.rulebase *.rulesbase *.conf added to install.
      * debian/watch fixed.

    2011-02-15 - Pierre Chifflier <pollux@debian.org>
    sagan-rules (10212010-r1-1) unstable; urgency=low
      * Initial release (Closes: #618674)
