Re: Looking for Host Based IDS
From: Greg Shipley (gshipley@neohapsis.com)
Date: 12/17/01
- Previous message: Talisker: "Re: Looking for Host Based IDS"
- In reply to: Lance Spitzner: "Re: Looking for Host Based IDS"
- Next in thread: Chris Ess: "Re: Looking for Host Based IDS"
- Next in thread: Matt.Carpenter@alticor.com: "RE: Looking for Host Based IDS"
- Reply: Chris Ess: "Re: Looking for Host Based IDS"
- Reply: Mark Crosbie: "Re: Looking for Host Based IDS"
Date: Mon, 17 Dec 2001 15:03:20 -0600 (CST)
From: Greg Shipley <gshipley@neohapsis.com>
To: Lance Spitzner <lance@honeynet.org>, <Matt.Carpenter@alticor.com>
On Mon, 17 Dec 2001, Lance Spitzner wrote:
> I'm a fan of Swatch, simple and effective. Monitors text log messages for
> specific signatures, then acts on them, based on how you configured it.
*AND*
On Mon, 17 Dec 2001 Matt.Carpenter@alticor.com wrote:
> Tripwire is pretty much an OpenSource default for *nix. Windows has
> many and varied. I've heard good things about ISS's software as well
> as PacketStorm. Check out Freshmeat if you want other options
> (www.freshmeat.net) for *nix
But do either of these watch processes, which I believe was Guy's original
question/requirement? I was under the impression that these are just log
parsing (swatch) and binary integrity checkers (tripwire) - not HIDS that
watch processes for violations. But then maybe I'm behind on my info
again....
-Greg