Directory
Host IDS
A Host IDS monitors host and server event/sys logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse from trusted insiders and those who have already infiltrated your network. Okay, IMHO what I have just described is an event log manager; a true Host IDS will apply some signature analysis across multiple events/logs and/or time, and heuristic profiling is another useful way to spot nefarious activity. NOTE: it is felt that this battle of terms with the vendor marketeers regarding what actually constitutes a Host IDS vs an event log manager has been lost. Therefore a HIDS can be any of the above.
GFI Events Manager
GFI EventsManager is an events monitoring, management and archiving solution that helps organizations meet legal and regulatory compliance such as SOX, PCI DSS, and HIPAA. This award-winning software supports a wide range of event types such as W3C, Window ...
McAfee Host Intrusion Prevention for desktops
Enforce policies, set firewall rules, and keep desktops safe
How do you successfully manage security and connectivity policies for desktops and laptops in a global enterprise? Desktop protection can be a challenge, as any security specialist can tell y ...
IBM RealSecure Server Sensor
RealSecure Server Sensor provides automated, real-time intrusion protection and detection by analyzing events, host logs, and inbound and outbound network activity on critical enterprise servers to block malicious activity from damaging critical assets. ...
Symantec Host IDS - ex 'Intruder Alert'
Symantec Host IDS provides real-time monitoring, detection, and prevention of security breaches, delivering automated policy enforcement and incident response for servers, applications, and data. As a complement to firewalls and other access controls, it ...
Swatch
Swatch started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. Stephen E. Hansen and Todd Atkins. Automated system ...
CSA StormWatch and SHS
OKENA StormWatch defends against the proliferation of attacks across networks by deploying intelligent agents across desktops and servers to ensure their integrity. StormWatch agents intercept an application's resource requests to the operating system to ...
SNIPS formerly NOCOL
SNIPS (System & Network Integrated Polling Software) is a system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performance, syslogs, radiu ...
Sourcefire RUA
Sourcefire RUA enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information, equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. Much mo ...
SNARE Agents (others)
Snare Agent for Windows (ex-BackLog) Snare for Windows provides front end filtering, remote control, and remote distribution for Windows eventlog data. Formerly known as BackLog, Snare for Windows interfaces into the Windows EventLog subsystem. It can be ...
SNARE Agent for Linux (ex-SNARE)
SNARE is divided into two components, the snare-core package and the snare GUI. Both components are open source, and are licenced under the GNU Public Licence. The snare-core package includes the SNARE audit kernel module and the audit daemon. The snare p ...
SNARE Server
System iNtrusion Analysis and Reporting Environment - Server InterSect Alliance's System iNtrusion Analysis and Reporting Environment (SNARE), is an Enterprise audit Event Log analysis solution, comprising a central audit event collection, analysis, repor ...
SentryTools (ex-Abacus Project)
The Abacus Project suite consists of the following tools right now: Psionic Logcheck/LogSentry - This tool is a clone of a program that ships with the TIS Gauntlet firewall but has been changed in many ways to make it work nicely for normal system auditin ...
Sebek - (already mentioned in 'Honeypots')
Even if already mentioned in the page concerning the honeypots, and even if Sebek has been written by the honeynet project, it is not exactly a honeypot. Rather, it is a tool for gathering data ON a honeypot. It is used to watch the activity on a system (s ...
NetIQ Security Manager
NetIQ Security Manager satisfies the toughest compliance mandates by automating security activity reviews, log preservation, threat management, incident response and change auditing. It provides strong protection of data residing on host systems, includin ...
M-ICE (Modular Intrusion Detection and Countermeasure E...
The main target of M-ICE is host-based ID Systems but it is also possible to interoperate with other IDS architectures as long as they use the open and standardized message format IDMEF. The main goal of M-ICE is to fit for every infrastructure and to be h ...
Logsurfer
Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logs ...
LIDS
A kernel patch and admin tool to enhance the Linux kernel security, with implementation of reference monitor in kernel and Mandatory Access Control in the kernel. It provides Protection of files, Protection of process, Fine-granulate Access Controls, use ...
Kane Secure Enterprise KSE
Whilst a fantastic product, KSE is sadly no longer supported by Intrusion Inc.
IIS Logger
Working as an ISAPI filter, this product is a pure LOGGER, which can provide very extended and verbose information about the requests made to an IIS web server. This includes logging requests for those nasty exploits which in normal conditions would leav ...
HP UX 11i Host Intrusion Detection System
Host Intrusion Detection System (HIDS) is a standard feature of HP-UX 11i security capabilities, making HP the only systems vendor to offer its own host intrusion detection product. HIDS enhances host-level security with near real-time automatic monitorin ...

