Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets. The hope is that these views will prompt questions that otherwise may not have been asked.

Demo / Instructions / Download: https://github.com/int13h/squert


Squert 1.0 is here!


After what seems like... OK, what was an incredibly long time, I have finally completed enough of 1.0 to push something usable out the door. This new version is almost entirely written in JavaScript, which is actually a big deal considering I didn't know any when I started the rewrite. In fact, if you look hard enough you will see that I still don't :)


Notable changes:
  • Everything


More specifically:

  • I have tried to do as much client-side as possible, but there are still a few things that I need to migrate. This will come.
  • Event classification is complete and can be used in both grouped and exploded views. This should (hopefully) play well with Tcl clients.
  • The addition of a filter generator (no more drop-downs and inputs).
  • The dashboard hasn't really changed, as I am in the process of removing the current charting lib and replacing it with d3.js. This will replace afterglow/graphviz as well.

Grouped view

Column Descriptions:
  • QUEUED - what you haven't addressed yet
  • ALL or TOTAL - sum of all groupings, or the total for the current group
  • SC - source address count for this group
  • DC - destination address count for this group
  • ACTIVITY - 3 rows of 8 dots that represent the hours in a day and whether or not there was activity during each
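As an added example (not part of the original post and not Squert's own code), here is how the grouped-view columns listed above can be derived from Sguil-style event records in JavaScript, along with the per-event rows of the exploded view. The sample events, their field names (signature, src_ip, dst_ip, timestamp, status) and the reading of status 0 as "not yet addressed" are assumptions made for the illustration.

```javascript
// Added example (not Squert's own code): compute the grouped-view columns
// QUEUED, ALL/TOTAL, SC, DC and ACTIVITY from Sguil-style event records,
// plus the per-event rows of the "exploded" (ungrouped) view.
// Assumptions: each event carries a signature, src_ip, dst_ip, an ISO-8601
// UTC timestamp and a numeric status; status 0 is taken to mean "not yet
// addressed", everything else counts as classified.

// Constructed sample events (RFC 5737 documentation addresses, made-up signatures).
const EVENTS = [
  { sid: 1, signature: "Possible SSH scan",  src_ip: "203.0.113.5", dst_ip: "192.0.2.10",    timestamp: "2013-04-01T02:15:00Z", status: 0 },
  { sid: 2, signature: "Possible SSH scan",  src_ip: "203.0.113.5", dst_ip: "192.0.2.11",    timestamp: "2013-04-01T02:47:00Z", status: 0 },
  { sid: 3, signature: "Possible SSH scan",  src_ip: "203.0.113.9", dst_ip: "192.0.2.10",    timestamp: "2013-04-01T14:05:00Z", status: 11 },
  { sid: 4, signature: "Outbound DNS query", src_ip: "192.0.2.20",  dst_ip: "198.51.100.53", timestamp: "2013-04-01T09:30:00Z", status: 0 },
  { sid: 5, signature: "Outbound DNS query", src_ip: "192.0.2.21",  dst_ip: "198.51.100.53", timestamp: "2013-04-01T23:59:00Z", status: 1 },
];

const QUEUED_STATUS = 0; // assumption: 0 = not yet addressed

// ACTIVITY: the 24 hours of a day laid out as 3 rows of 8 cells;
// "#" marks an hour in which the group had at least one event.
function activityMap(hours) {
  const rows = [];
  for (let row = 0; row < 3; row++) {
    let cells = "";
    for (let col = 0; col < 8; col++) {
      cells += hours.has(row * 8 + col) ? "#" : ".";
    }
    rows.push(cells);
  }
  return rows;
}

// Grouped view: one row per signature, busiest group first.
function groupEvents(events) {
  const groups = new Map();
  for (const e of events) {
    let g = groups.get(e.signature);
    if (!g) {
      g = { signature: e.signature, queued: 0, total: 0, srcs: new Set(), dsts: new Set(), hours: new Set() };
      groups.set(e.signature, g);
    }
    g.total += 1;                                   // TOTAL for this group
    if (e.status === QUEUED_STATUS) g.queued += 1;  // QUEUED: not yet addressed
    g.srcs.add(e.src_ip);                           // SC: distinct source addresses
    g.dsts.add(e.dst_ip);                           // DC: distinct destination addresses
    g.hours.add(new Date(e.timestamp).getUTCHours());
  }
  const rows = [...groups.values()]
    .map((g) => ({
      signature: g.signature,
      queued: g.queued,
      total: g.total,
      sc: g.srcs.size,
      dc: g.dsts.size,
      activity: activityMap(g.hours),
    }))
    .sort((a, b) => b.total - a.total || a.signature.localeCompare(b.signature));
  // ALL: the sum over every grouping; QUEUED at the top level counts all unaddressed events.
  const all = events.length;
  const queued = events.filter((e) => e.status === QUEUED_STATUS).length;
  return { all, queued, rows };
}

// Exploded (ungrouped) view: the individual events behind one group, oldest first.
function explodeGroup(events, signature) {
  return events
    .filter((e) => e.signature === signature)
    .sort((a, b) => a.timestamp.localeCompare(b.timestamp))
    .map((e) => ({ sid: e.sid, src_ip: e.src_ip, dst_ip: e.dst_ip, timestamp: e.timestamp, queued: e.status === QUEUED_STATUS }));
}

// Render the grouped view as tab-separated text (QUEUED, TOTAL, SC, DC, ACTIVITY, signature).
function renderGrouped(summary) {
  const lines = [`ALL=${summary.all} QUEUED=${summary.queued}`];
  for (const r of summary.rows) {
    lines.push(`${r.queued}\t${r.total}\t${r.sc}\t${r.dc}\t${r.activity.join(" ")}\t${r.signature}`);
  }
  return lines.join("\n");
}

console.log(renderGrouped(groupEvents(EVENTS)));
console.log(explodeGroup(EVENTS, "Possible SSH scan"));
```

The three ACTIVITY strings map directly onto the 3x8 dot grid in the screenshot: row one is hours 0 to 7, row two hours 8 to 15, row three hours 16 to 23, so a group that only fires overnight shows up as marks in the first row alone.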
Ungrouped view

Showing the event payload (not a particularly exciting one)

Generating a transcript

Adding a comment to events (incident tracking)

Using the map

You can now pan, zoom and select from the map. Clicking on a country uses the filter system (described below) to show you the related events.

The new filter system

Creating filters

A few simple charts on the dashboard