Sagan is an open source (GNU/GPLv2) multi-threaded, high performance, real-time log analysis & correlation engine developed by Quadrant Information Security that runs on Unix operating systems. It is written in C and uses a multi-threaded architecture to deliver high performance log & event analysis. Sagan's structure and rules work similarly to the Sourcefire Snort IDS/IPS engine. This allows Sagan to be compatible with Snort or Suricata rule management software and gives Sagan the ability to correlate with Snort IDS/IPS data.
Sagan supports different output formats for reporting and analysis, log normalization, script execution on event detection, GeoIP detection/alerting and time sensitive alerting.
See also
- Free Software portal
- HOWTO build Sagan on FreeBSD
- Champ Clark talks about Sagan on "Pauldotcom Security weekly" - December, 12th, 2013.
- Log, Log, Log Everything Remotely.
External links
- About Sagan
- Official Sagan Wiki
- Sagan flowbits
- Using Sagan with Bro Intelligence feeds
- Sagan output to other SIEMs.
References
"Sagan Main Wiki". Sagan Main Wiki. Champ Clark. https://wiki.quadrantsec.com/bin/view/Main/SaganMain ↩