SANS' GIAC just published Sguil contributor Chris Reining's GCIA practical titled The State of Intrusion Detection (.pdf). This is not a follow-on to the 1999 CERT classic State of the Practice of Intrusion Detection Technologies. Rather, Chris describes the shortcomings of other technologies like ACID, and how to use Sguil to detect and respond to intrusions. I like seeing discussion of Sguil infiltrate the SANS Reading Room. Incidentally -- I haven't read all of Chris' paper with a critical eye yet, so I can't vouch for his conclusions right now.
On the lighter side, system administrator extraordinaire Bill Bilano just announced "Severe exploit found, all UNIX are affected!" This was my favorite line:
"Northcutt better take out that section about the Mitnik attack in that terrible book he is always rehasing with only a spit-shine and fancy new cover because here comes something leaner and meaner! (I have re-bought that nut's book eight times and it is always the same old cruft over and over but here wont be a ninth purchase, you bet your pink pajamas!) Someone needs to tell him that SANS is not the MANS! LOL!"