
Host IDS

A Host IDS monitors host and server event/system logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse by trusted insiders and by attackers who have already infiltrated your network. Okay, IMHO what I have just described is an event log manager; a true Host IDS applies signature analysis across multiple events, logs and/or time, and heuristic profiling is another useful way to spot nefarious activity. NOTE: it is felt that the battle of terms with the vendor marketeers over what actually constitutes a Host IDS versus an event log manager has been lost, so on this page a HIDS can be any of the above.
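To make the distinction above concrete, here is an added example (not code from any product listed on this page) of the two kinds of rule. `count_matches` is what a plain log manager gives you: lines matching one pattern. `analyze` is the Host IDS behaviour: one single-event signature (an account created through sudo) plus one rule that correlates across events and time (a successful SSH login from a source that produced several password failures in the preceding minutes). The syslog lines, host name, IP addresses and the year 2024 used for timestamp parsing are all constructed for the example.

```python
# Added example: a minimal multi-event Host IDS correlator. All log lines,
# hosts, addresses and the assumed year below are constructed, not real data.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog excerpt: a short password-guessing burst that
# succeeds, a new account created right after, and an unrelated user whose
# single failure is followed by a legitimate key login over an hour later.
SAMPLE_LOG = """\
Mar  3 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:00:03 host1 sshd[1203]: Failed password for root from 203.0.113.5 port 51030 ssh2
Mar  3 10:00:05 host1 sshd[1205]: Failed password for root from 203.0.113.5 port 51031 ssh2
Mar  3 10:00:09 host1 sshd[1207]: Accepted password for root from 203.0.113.5 port 51040 ssh2
Mar  3 10:01:20 host1 sudo:     root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/useradd backup2
Mar  3 10:30:00 host1 sshd[1300]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar  3 11:45:00 host1 sshd[1400]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
ACCEPT_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
USERADD_RE = re.compile(r"COMMAND=(?P<cmd>\S*useradd\b.*)")

ASSUMED_YEAR = 2024  # BSD syslog timestamps carry no year; assumed for the sample


def parse_line(raw):
    """Split one BSD-syslog style line into timestamp, host, program and message."""
    m = LINE_RE.match(raw)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def count_matches(log_text, pattern):
    """Log-manager view: how many lines match a single pattern."""
    return sum(1 for raw in log_text.splitlines() if pattern.search(raw))


def analyze(log_text, fail_threshold=3, window_seconds=300):
    """Return a list of (rule, timestamp, detail) alerts.

    Rule 1 (single event): a new account created via sudo.
    Rule 2 (correlation across events and time): a successful SSH login from
    a source with at least `fail_threshold` password failures in the
    preceding `window_seconds`.
    """
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of recent failures
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ts, msg = ev["ts"], ev["msg"]
        if ev["prog"] == "sudo" and (m := USERADD_RE.search(msg)):
            alerts.append(("ACCOUNT_CREATED_VIA_SUDO", ts, m["cmd"]))
        if ev["prog"] != "sshd":
            continue
        if m := FAIL_RE.search(msg):
            failures[m["src"]].append(ts)
        elif m := ACCEPT_RE.search(msg):
            src = m["src"]
            recent = [t for t in failures[src]
                      if (ts - t).total_seconds() <= window_seconds]
            if len(recent) >= fail_threshold:
                alerts.append(("BRUTE_FORCE_THEN_SUCCESS", ts,
                               f"{m['user']}@{src} after {len(recent)} failures"))
            failures[src].clear()  # a successful login resets the source's history
    return alerts


if __name__ == "__main__":
    print("failed-password lines:", count_matches(SAMPLE_LOG, FAIL_RE))
    for rule, ts, detail in analyze(SAMPLE_LOG):
        print(f"{ts:%H:%M:%S} {rule}: {detail}")
```

On the sample, the single-pattern count reports four failed logins and nothing more, while `analyze` raises exactly two alerts: the root login that followed three failures within the window, and the useradd that followed it. Alice's lone failure an hour before her key login stays silent, which is the point of carrying time into the rule. Raising `fail_threshold` above the burst size drops the correlation alert and leaves only the single-event signature.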

System auditing varies widely between differing UNIX and Linux systems, most of which lack the tools needed for easy configuration and use. Secure4Audit (previously known as auditGUARD) is a simple and easy-to-use software package for configuring and cont ...

Secure4Audit

Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally r ...

grsecurity
Kerry Thompson

Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logsur ...

Thomas Biege

The main target of M-ICE is host-based ID systems, but it is also possible to interoperate with other IDS architectures as long as they use the open and standardized message format IDMEF. The main goal of M-ICE is to fit every infrastructure and to be h ...

Psionic Inc - now Cisco

The Abacus Project suite consists of the following tools right now: Psionic Logcheck/LogSentry - This tool is a clone of a program that ships with the TIS Gauntlet firewall but has been changed in many ways to make it work nicely for normal system auditin ...

Feature-rich, reliable, lightweight log collectors. Rock-solid log collection is both a compliance and security imperative. Lightweight: under 5% of CPU and 20 MB of memory. Compliance: gathers data needed for PCI DSS, SOX, GDPR, HIPAA, NISPOM, PIPEDA ...

SNARE Agents
Netflix Technologies Inc.

SNIPS (System & Network Integrated Polling Software), formerly NOCOL, is system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performanc ...

Simple Log Watcher, or Swatch.pl, started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since evolved into a utility that can monitor just about any type of log. Stephen E. Hansen and Todd A ...

NetIQ Change Guardian for Windows gives you invaluable insight into the activities of, and changes implemented by, privileged-level users across your Windows systems, providing the visibility you need to protect your Windows environment, hosted data and a ...

NetIQ Change Guardian for Windows

NetIQ Change Guardian for Group Policy minimizes the risks associated with Group Policy Object (GPO) change management and helps determine and document all authorized and unauthorized Group Policy changes to the live environment. Group Policy is an ext ...

NetIQ Change Guardian for Group Policy

NetIQ Secure Configuration Manager audits system configurations and compares them to corporate policies, previous snapshots, and/or other systems. It also leverages this configuration information to reliably identify vulnerabilities and exposures, using t ...

NetIQ Secure Configuration Manager

Deep Security protects confidential data and critical applications to help prevent data breaches and ensure business continuity, while enabling compliance with important standards and regulations such as PCI, FISMA and HIPAA. Whether implemented as softwa ...

Trend Micro Deep Security