Re: Looking for Host Based IDS
From: Lance Spitzner (lance@honeynet.org)
Date: 12/17/01
- Previous message: Hisham Kotry: "Nokia IPSO"
- In reply to: Guy Fighel: "Looking for Host Based IDS"
- Next in thread: Greg Shipley: "Re: Looking for Host Based IDS"
- Next in thread: Matt.Carpenter@alticor.com: "RE: Looking for Host Based IDS"
- Reply: Greg Shipley: "Re: Looking for Host Based IDS"
Date: Mon, 17 Dec 2001 11:24:22 -0600 (CST)
From: Lance Spitzner <lance@honeynet.org>
To: Guy Fighel <GuyF@xpert.com>
On Mon, 17 Dec 2001, Guy Fighel wrote:
> Hello,
>
> Can someone recommend a good Host Based IDS that looks for suspicious
> operating system processes?
> I need the ability to write a specific policy for specific system processes
> and need the IDS to report any modifications.
I'm a fan of Swatch, simple and effective. Monitors text log messages for
specific signatures, then acts on them, based on how you configured it.
http://www.enteract.com/~lspitz/swatch.html
lance
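
The approach described in the reply above (match text log messages against signatures, then act as configured), as an added Python example that is not part of the original message and is not Swatch's own code. The rule names, patterns, action labels, the throttle window and the log lines are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Hypothetical rules: (name, signature regex, action label, throttle window).
RULES = [
    ("failed-login",
     re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)"),
     "mail", timedelta(minutes=5)),
    ("su-root",
     re.compile(r"su(?:\[\d+\])?: .*session opened for user root"),
     "echo", timedelta(0)),
    ("promisc",
     re.compile(r"kernel: .*entered promiscuous mode"),
     "mail", timedelta(0)),
]

# Constructed sample syslog lines (not taken from any real host).
SAMPLE_LOG = """\
Dec 17 11:20:01 web1 sshd[812]: Failed password for root from 192.0.2.10 port 4011 ssh2
Dec 17 11:20:04 web1 sshd[812]: Failed password for root from 192.0.2.10 port 4012 ssh2
Dec 17 11:21:30 web1 su[901]: pam_unix(su:session): session opened for user root by alice(uid=500)
Dec 17 11:22:10 web1 kernel: device eth0 entered promiscuous mode
Dec 17 11:23:00 web1 crond[77]: (root) CMD (run-parts /etc/cron.hourly)
Dec 17 11:26:05 web1 sshd[830]: Failed password for invalid user admin from 192.0.2.10 port 4020 ssh2
""".splitlines()

def parse_time(line, year=2001):
    # Classic syslog timestamps carry no year, so one is assumed.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def watch(lines, rules=RULES):
    """Return (rule name, action, line) for each signature hit not throttled."""
    last_fired = {}  # rule name -> timestamp of the last alert raised
    alerts = []
    for line in lines:
        ts = parse_time(line)
        for name, pattern, action, throttle in rules:
            if not pattern.search(line):
                continue
            prev = last_fired.get(name)
            if prev is not None and ts - prev < throttle:
                continue  # same signature seen again inside the window
            last_fired[name] = ts
            alerts.append((name, action, line))
    return alerts

if __name__ == "__main__":
    for name, action, line in watch(SAMPLE_LOG):
        print(f"[{action}] {name}: {line}")
```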