Today's threat landscape demands that you have all the available tools in your arsenal. Whether you are using commercial, custom or open source tools, SentryWire's Application Node lets you integrate it with your existing security applications. SentryWire's industry-standard RESTful API allows easy integration with any commercial, custom or open source application. SentryWire has been integrated with many of the leading commercial security tools, such as ArcSight, Avaya, Gigamon and LogRhythm, and with several of the leading open source security tools described below.
SGUIL (pronounced "sgweel") - Out of the box, this is a feature-rich graphical user interface that provides real-time access to events, session data and packet data captured by SNORT or SURICATA IDS systems. SGUIL facilitates the practice of Network Security Monitoring and event-driven analysis. This functional and integration specification details how to leverage SNORT and SURICATA by replaying PCAP files and sending the resulting session data from SentryWire to SGUIL.
Enterprise Log Search and Archive (ELSA) - A centralized syslog framework built on Syslog-NG, MySQL and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web (Holste, 2012). ELSA's integration with SentryWire provides a SIEM alternative (think ArcSight and Splunk).
SQUERT - A web-based application designed to query the SGUIL database and retrieve IDS alert data. It provides additional context to events through the use of metadata, time-series representations, and weighted and logically grouped result sets (Halliday, 2011). SQUERT is not a replacement for the SGUIL client and is not intended to be a real-time or near-real-time event console. It is merely an additional tool in the forensics professional's toolbox.
SNORT - An open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, it is the most widely deployed IDS/IPS technology worldwide (Snort, 2012). The success of the SentryWire-SNORT integration is key to providing IPS at line speed.
The SentryWire-SNORT pairing can provide real-time firewalling of cyberattacks. This is accomplished by SentryWire's ability to route a segment of ongoing traffic to an "inline" SNORT or SURICATA instance so that it can terminate the session.
OSSEC - An open source Host-based Intrusion Detection System (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows (OSSEC, 2012).
PADS - A passive asset detection system. It listens to a network and attempts to provide an up-to-date view of the hosts and services running on it. The application operates invisibly and never releases a packet onto the network (SourceForge, 2005). PADS brings a measure of asset management to the SentryWire analytical node by recording and identifying assets seen on the network without actively "scanning" a system.
Network Miner - One of the analytical tools in the network security professional's toolbox that is integrated with SGUIL. Network Miner can be invoked from the SGUIL user interface to provide analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.