Tools in the Sguil Suite
Other NSM Tools
The practice of Network Security Monitoring (NSM) is so broad that it encompasses both traditional IDS/IPS and other network information gathering techniques, all focused on providing an intrusion analyst with the best possible information in the shortest amount of time. NSMWiki was started by a group of analysts, is written by analysts and it's sole purpose is to help analysts. As it is sponsored by the Sguil project, there is obviously a lot of Sguil-specific information here. However, not everyone who does NSM uses Sguil (we're working on that). Consequently, we view NSMWiki as more of a general NSM resource.
Like any other Wiki (e.g., Wikipedia), NSMWiki is a collaborative environment for sharing all sorts of IDS- and NSM-related information. Anyone is free to read and contribute as they see fit. Please do try to keep things on topic. Anything vaguely related to NSM, IDS, traffic analysis or other network security topic is fair game. Just by visiting NSMWiki, you're already helping to make it a popular source of information about NSM. Thank you.
If you're interested in doing more, the best thing you could do is to contribute something. If you know of a subject that needs to be covered here, feel free to write about it in the wiki. If you're not sure what topic to start with, you can always start with one of our Wanted Pages.
One thing I would like is to have a nice Sguil-specific skin for the wiki. Nothing gaudy or fancy, but something that's not just the standard MediaWiki default. If you've got some graphic design skills and would like to help, contact me.