From: Lance Spitzner (lance honeynet.org)
Date: Mon Dec 17 2001 - 11:24:22 CST
On Mon, 17 Dec 2001, Guy Fighel wrote:
> Hello,
>
> Can someone recommend a good Host Based IDS that looks for suspicious
> operating system processes?
> I need the ability to write a specific policy for specific system processes
> and need the IDS to report any modifications.
I'm a fan of Swatch, simple and effective. Monitors text log messages for
specific signatures, then acts on them, based on how you configured it.
http://www.enteract.com/~lspitz/swatch.html
lance