Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets. The hope is that these views will prompt questions that otherwise may not have been asked.
Requirements
- Sguil 0.9.0 http://sguil.net. If you use Security Onion http://securityonion.blogspot.ca you can get everything set up rather quickly.
- PHP55 with CLI
- mysql
- TCL, TclX
- mysqltcl
- uri
- ftp
- ftp::geturl
- md5
- MySQL client