Host IDS

A Host IDS monitors host and server event and system logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse by trusted insiders and by those who have already infiltrated your network. Okay, IMHO what I have just described is an event log manager; a true Host IDS will apply some signature analysis across multiple events/logs and/or time, and heuristic profiling is another useful way to spot nefarious activity. NOTE: it is felt that this battle of terms with the vendor marketeers regarding what actually constitutes a Host IDS vs an event log manager has been lost. Therefore a HIDS can be any of the above.

System auditing varies widely between differing UNIX and Linux systems, most of which lack the tools needed for easy configuration and use. Secure4Audit (previously known as auditGUARD) is a simple and easy-to-use software package for configuring and cont ...

Vendor: S4Software

EMERALD's eXpert-BSM Monitor is a host-based intrusion detection system that provides realtime security monitoring for critical application servers and workstations. eXpert-BSM provides a comprehensive knowledge base for detecting insider misuse, policy vio ...

Vendor: SRI International
Pricing Model: Freeware

Enterasys Dragon® ensures the confidentiality, integrity, and availability of business critical resources with industry-leading Intrusion Prevention capabilities, including: * Threat containment that leverages existing network investments * In ...

Vendor: Enterasys Networks
Pricing Model: Commercial

Collect and store security related data enterprise-wide for auditing, reporting, compliance verification and event monitoring. CA Audit provides you with a scalable, centralized repository that stores and analyzes audit logs and security data from a diver ...

Vendor: Computer Associates
Pricing Model: Commercial
grsecurity

Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally r ...

Vendor: GrSecurity
Pricing Model: Open Source

HP's Host Intrusion Detection System (HIDS) alerts you about hackers who have reached the HP-UX 11i operating environment and are about to do harm in the places most critical to your computing environment―the operating system and applications. Host int ...

Vendor: HP
Pricing Model: Commercial

Working as an ISAPI filter, this product is a pure LOGGER, which can provide very extended and verbose information about the requests made to an IIS web server. This includes logging requests for those nasty exploits which in normal conditions would leav ...

Vendor: Adiscon
Pricing Model: Commercial

A kernel patch and admin tool to enhance Linux kernel security, implementing a reference monitor and Mandatory Access Control in the kernel. It provides protection of files, protection of processes, fine-grained access controls, use ...

Vendor: http://www.lids.org/?q=node/5
Pricing Model: Open Source

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logsur ...

Vendor: Kerry Thompson
Pricing Model: Freeware

The main targets of M-ICE are host-based ID systems, but it is also possible to interoperate with other IDS architectures as long as they use the open and standardized message format IDMEF. The main goal of M-ICE is to fit for every infrastructure and to be h ...

Vendor: Thomas Biege
Pricing Model: Freeware

The Abacus Project suite consists of the following tools right now: Psionic Logcheck/LogSentry - This tool is a clone of a program that ships with the TIS Gauntlet firewall but has been changed in many ways to make it work nicely for normal system auditin ...

Vendor: Psionic Inc - now Cisco
Pricing Model: Freeware

System iNtrusion Analysis and Reporting Environment - Server InterSect Alliance's System iNtrusion Analysis and Reporting Environment (SNARE), is an Enterprise audit Event Log analysis solution, comprising a central audit event collection, analysis, repor ...

Vendor: IntersectAlliance
Pricing Model: Commercial

SNARE is divided into two components, the snare-core package and the snare GUI. Both components are open source, and are licenced under the GNU Public Licence. The snare-core package includes the SNARE audit kernel module and the audit daemon. The snare p ...

Vendor: IntersectAlliance
Pricing Model: GNU GPL

Snare Agent for Windows (ex-BackLog) Snare for Windows provides front end filtering, remote control, and remote distribution for Windows eventlog data. Formerly known as BackLog, Snare for Windows interfaces into the Windows EventLog subsystem. It can be ...

Vendor: IntersectAlliance
Pricing Model: GNU GPL

SNIPS (System & Network Integrated Polling Software), formerly NOCOL, is system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performanc ...

Vendor: Netflix Technologies Inc.
Pricing Model: Freeware

Simple Log Watcher, or Swatch.pl, started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. Stephen E. Hansen and Todd A ...

Vendor: Todd Atkins
Pricing Model: Freeware

Sourcefire RUA enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information---equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. Much mo ...

Vendor: Sourcefire Inc
Pricing Model: Commercial

CA Host-Based Intrusion Prevention System (CA HIPS) combines the protective power of five critical technologies— endpoint Firewall, Intrusion Detection, Intrusion Prevention, Operating System Security and Application Control capabilities—into one centrall ...

Vendor: Computer Associates
Pricing Model: Commercial
NetIQ Security Manager Modules

NetIQ Security Manager provides real–time monitoring of system changes and user activity, detection of threats and intrusions, security event management and correlation, log management and incident response automation—all with a single, integrated and sca ...

Vendor: NetIQ
Pricing Model: Commercial
Modified: Never
NetIQ Change Guardian for Active Directory

With NetIQ Change Guardian for Active Directory, you know which changes are executed based on corporate policy, validate the success or failure of planned changes and capture the difference between authorized and unauthorized change activity. The Change G ...

Vendor: NetIQ
Pricing Model: Commercial

© Computer Network Defence Limited 2019