Host IDS

A Host IDS monitors host and server event and system logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse by trusted insiders and by those who have already infiltrated your network. Okay, IMHO what I have just described is an event log manager; a true Host IDS will apply some signature analysis across multiple events/logs and/or time, and heuristic profiling is another useful way to spot nefarious activity. NOTE: it is felt that this battle of terms with the vendor marketeers regarding what actually constitutes a Host IDS vs an event log manager has been lost. Therefore a HIDS can be any of the above.

Pricing Model: Commercial

System auditing varies widely between differing UNIX and Linux systems, most of which lack the tools needed for easy configuration and use. Secure4Audit (previously known as auditGUARD) is a simple and easy-to-use software package for configuring and cont ...

Secure4Audit
Pricing Model: Open Source

Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally r ...

grsecurity
Kerry Thompson
Pricing Model: Freeware

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logsur ...

Thomas Biege
Pricing Model: Freeware

The main target of M-ICE are host-based ID Systems but it is also possible to interoperate with other IDS architectures as long as they use the open and standardized message format IDMEF. The main goal of M-ICE is to fit for every infrastructure and to be h ...

Psionic Inc - now Cisco
Pricing Model: Freeware

The Abacus Project suite consists of the following tools right now: Psionic Logcheck/LogSentry - This tool is a clone of a program that ships with the TIS Gauntlet firewall but has been changed in many ways to make it work nicely for normal system auditin ...

Pricing Model: Commercial

Feature-rich, reliable, lightweight log collectors. Rock solid log collection is both a compliance and security imperative. Lightweight – Under 5% of CPU and 20 megs of memory. Compliance – Gather data needed for PCI DSS, SOX, GDPR, HIPAA, NISPOM, PIPEDA ...

SNARE Agents
Netflix Technologies Inc.
Pricing Model: Freeware

SNIPS (System & Network Integrated Polling Software), formerly NOCOL, is a system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performanc ...

Pricing Model: Freeware

Simple Log Watcher, or Swatch.pl, started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. Stephen E. Hansen and Todd A ...

Pricing Model: Commercial

NetIQ Change Guardian for Windows gives you invaluable insight into the activities of, and changes implemented by, privileged-level users across your Windows systems, providing the visibility you need to protect your Windows environment, hosted data and a ...

Modified: Never
NetIQ Change Guardian for Windows
Pricing Model: Commercial

NetIQ Change Guardian for Group Policy minimizes the risks associated with Group Policy Object (GPO) change management and helps determine and document all authorized and unauthorized Group Policy changes to the live environment. Group Policy is an ext ...

Modified: Never
NetIQ Change Guardian for Group Policy
Pricing Model: Commercial

NetIQ Secure Configuration Manager audits system configurations and compares them to corporate policies, previous snapshots, and/or other systems. It also leverages this configuration information to reliably identify vulnerabilities and exposures, using t ...

Modified: Never
NetIQ Secure Configuration Manager
Pricing Model: Commercial

Deep Security protects confidential data and critical applications to help prevent data breaches and ensure business continuity, while enabling compliance with important standards and regulations such as PCI, FISMA and HIPAA. Whether implemented as softwa ...

Trend Micro Deep Security