My friend Shirkdog offers this post about doing NSM without the backend database that solutions like Sguil offer. Personally, I'm not a fan of using grep for my core analysis workflow, but I am a fan of doing whatever gets the job done, within the limits of the resources available to you.
1 comment:
Shirkdog should just admit he wants to use Sguil and leave poking around in text files to people stuck in the early 1990s.