Show HN: The Sentry – Network Traffic Analysis (& IDS, and More) Made Intuitive - tcgarvin
https://www.protectus.com/sentry/

======
tcgarvin
Hi! I'm one of the developers of the Sentry. Someone suggested I do a little
intro bit here, so here goes.

The Sentry stemmed from over a decade of doing traffic analysis (from a
security perspective) for local small and mid-sized businesses. We had a great
conglomeration of tools (ntop, cacti, snort, some custom connection indexers,
etc), but it was almost impossible to use effectively if you weren't the guy
who made it.

We wanted our clients to be able to monitor their own network, so we set about
making the Sentry. The primary feature of the Sentry is usability. Traffic
analysis is typically hard. There's no reason it needs to be.

We would love to have any feedback you guys are willing to offer. Hacker News
is famed for its frank discussion. Bring it on.

~~~
cclements
Hi there, this looks interesting. How does Sentry differ from Moloch[1]? They
appear to be pretty similar, but then your website doesn't really contain much
info to go off of.

1. [https://github.com/aol/moloch](https://github.com/aol/moloch)

~~~
tcgarvin
I haven't used Moloch myself, so I can't judge with complete accuracy, but
here's my take:

1. Use case: Moloch, with its focus on PCAP, is a cool network forensics
tool, to be sure. Our focus is not only on security, but also on performance
and troubleshooting. We use the traffic data as a foundation for integration
with IDS alerts and latency (and jitter) data. The ability to pivot between
views and visually correlate this data is incredibly (and surprisingly) useful
for IT Staff who want to know at a glance if things are correlating or not. So
I would suggest that Moloch is a little more limited in its scope, at least
in its default configuration.

2. Usability: This ties in with the point below too. Our focus is making
network analysis approachable for the average IT guy. Keeping things light,
visual, and easy to use is super, super important to us. It's really the top
item on our list under, you know, having correct data.

3. Maintainability (or SLAs, or whatever you want to call it). When I look at
Moloch, I'm reminded of Zimbra, the free email server. Last time I installed
Zimbra, it involved installing a lot of different stuff, configuring it all,
and grokking a LOT of documentation for different components before it was
working to satisfaction. This is perfect for a certain market segment, the IT
guy who has the time and energy to - not really roll his own - but to be
really involved in everything that's going on.

The Sentry is not for that IT guy. We market to IT staff who don't have the
time to install and maintain a bunch of components for a single tool. They
have a security / network vision need (sorry about the buzzword) that needs to
be filled, and they don't have a month to stumble through a complex linux
install. Don't get me wrong, I personally am all about complex linux installs,
I love getting into things myself, but this product is pre-packaged, with
batteries included.

Hope that answers some of your questions!

