From: Lance Spitzner (lancehoneynet.org)
Date: Mon Dec 17 2001 - 11:24:22 CST
On Mon, 17 Dec 2001, Guy Fighel wrote:
> Can someone recommend a good Host Based IDS that looks for suspicious
> operating system processes?
> I need the ability to write a specific policy for specific system processes
> and need the IDS to report any modifications.
I'm a fan of Swatch, simple and effective. Monitors text log messages for
specific signatures, then acts on them, based on how you configured it.
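
The signature-then-action model described in the reply above, sketched as an added example that is not part of the original post and is not Swatch's own code or configuration syntax. The rule names, regexes, action labels, throttle windows and log lines are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed rules: (name, signature, action label, throttle window).
# A rule that fired for the same captured values inside its window is suppressed.
RULES = [
    ("failed-login",
     re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)"),
     "mail", timedelta(minutes=5)),
    ("promisc",
     re.compile(r"device (\S+) entered promiscuous mode"),
     "mail", timedelta(0)),
]

# Constructed syslog-style sample lines (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
Dec 17 11:20:01 web1 sshd[812]: Failed password for root from 192.0.2.10 port 4022 ssh2
Dec 17 11:20:03 web1 sshd[812]: Failed password for root from 192.0.2.10 port 4022 ssh2
Dec 17 11:21:40 web1 kernel: device eth0 entered promiscuous mode
Dec 17 11:22:10 web1 crond[901]: (root) CMD (run-parts /etc/cron.hourly)
Dec 17 11:26:30 web1 sshd[830]: Failed password for root from 192.0.2.10 port 4090 ssh2
""".splitlines()

def parse_time(line, year=2001):
    # Classic syslog timestamps carry no year, so one is assumed here.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def scan(lines, rules=RULES):
    """Return (rule name, action, line) for every match that is not throttled."""
    last_fired = {}
    alerts = []
    for line in lines:
        ts = parse_time(line)
        for name, signature, action, window in rules:
            match = signature.search(line)
            if not match:
                continue
            key = (name, match.groups())   # throttle per rule and per source
            previous = last_fired.get(key)
            if previous is not None and ts - previous < window:
                continue                   # same event seen recently: stay quiet
            last_fired[key] = ts
            alerts.append((name, action, line))
    return alerts

if __name__ == "__main__":
    for name, action, line in scan(SAMPLE_LOG):
        print(f"[{action}] {name}: {line}")
```
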