RE: Looking for Host Based IDS

From: Schroeder, Eric (Eric.Schroeder@westgroup.com)
Date: 12/18/01

• Previous message: Mark Crosbie: "Re: Looking for Host Based IDS"
• Maybe in reply to: Guy Fighel: "Looking for Host Based IDS"
• Next in thread: cool cash: "RE: Looking for Host Based IDS"
• Reply: cool cash: "RE: Looking for Host Based IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Schroeder, Eric" <Eric.Schroeder@westgroup.com>
To: "'Guy Fighel'" <GuyF@xpert.com>, focus-ids@securityfocus.com
Date: Tue, 18 Dec 2001 08:30:47 -0600

Guy,
        I just went through this same search. I didn't find many HIDS that
would truly fingerprint the box (running processes, open ports, file
integrity), but I did find one that came close. It's called Pentasafe
(www.pentasafe.com), and it's commercial. Good luck.

Eric Schroeder

-----Original Message-----
From: Guy Fighel [mailto:GuyF@xpert.com]
Sent: Monday, December 17, 2001 9:34 AM
To: focus-ids@securityfocus.com
Subject: Looking for Host Based IDS

Hello,

Can someone recommend about a good Host Based IDS that looks for suspicious
operating system processes?
I need the ability to write a specific policy for specific system processes
and need that the IDS will report about any modifications.

I would appreciate your help,

Guy.

---

• Previous message: Mark Crosbie: "Re: Looking for Host Based IDS"
• Maybe in reply to: Guy Fighel: "Looking for Host Based IDS"
• Next in thread: cool cash: "RE: Looking for Host Based IDS"
• Reply: cool cash: "RE: Looking for Host Based IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2001-12