Category: Intrusion Detection Systems (IDS)

AIDE (Advanced Intrusion Detection Environment)

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/03/31/aide-advanced-intrusion-detection-environment-2/

OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. Check out OSSEC features and how it works for more information about how OSSEC can help you solve your host-based …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/03/07/ossec/

Sguil

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. The Sguil client is written in tcl/tk and can be run …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/03/06/sguil/

Snort 2.9.7.0

Open-Source IDS/IPS Download Snort

Permanent link to this article: http://www.darknessgate.com/2015/03/04/snort-2-9-7-0/

SAMHAIN file integrity / host-based intrusion detection system

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/05/24/samhain-file-integrity-host-based-intrusion-detection-system/

AIDE (Advanced Intrusion Detection Environment)

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker. It creates a database from the regular expression rules that it finds from the config file(s). Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (see below) that are used …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2012/05/24/aide-advanced-intrusion-detection-environment/