You might find it useful to view some of the NSM- and Sguil-related presentations that have been given in the past few years. Here's a partial list. If you've done a good one, please feel free to add it below!
- EZ Snort Rules: Find the Truffles, Leave the Dirt. Writing your own Snort IDS rules may seem like a daunting task at first, but it's really not difficult. Learn rule-writing basics and start finding the truffles in your network today! (Presentation)
- Open Source Network Security Monitoring With Sguil. Sguil is the de facto reference implementation of the Network Security Monitoring (NSM) methodology. Find out how Sguil can help your IDS analysts do their job faster and more efficiently. (Presentation)
- Network Security Monitoring with Sguil. Two members of the Sguil project team discuss Network Security Monitoring at ShmooCon 2006. (Presentation, Video)