From OSSEC Wiki



1.01 - What is an HIDS (Host-based Intrusion Detection System)?

First of all, Intrusion Detection is the process or techniques used to detect attacks on a specific network, system or application. Most intrusion detection tools not only detect attacks, but also software misuse, policy violations and other forms of inappropriate activities.

A Host-based IDS performs intrusion detection from within the systems you want to protect. Some of these tools perform log analysis, others spyware detection, while others perform virus detection.


1.02 - What is security log analysis?

Security log analysis is the process or techniques used to detect attacks on a specific network, system or application using logs as the primary source of information. Security log analysis can also be called LID(S) - Log-based Intrusion Detection.

Logs can be anything from firewall logs, web server logs, system logs, IDS events or Windows event logs.

Log analysis is also used to detect software misuse, policy violations and other forms of inappropriate activities.


1.03 - What is LIDS?

LIDS (Log-based intrusion detection systems) is just a fancy term for tools that perform security log analysis (described above). Its goal is to detect misuse (or attacks) using logs as the primary source of information. It is not a replacement for NIDS (Network-based IDS) or any other security solution, but an addition to them.
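To make sections 1.02 and 1.03 concrete, here is a small log-based detector added as an illustration (it is example code written for this page, not part of OSSEC). It parses constructed syslog-style lines from sshd and sudo and applies two simple rules: an SSH brute-force rule (five or more failed passwords from one source within a two-minute sliding window; both thresholds are assumed values) and a rule for sudo-to-root commands touching /etc/shadow. The sample log, the rule names and the thresholds are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from a real host), in the classic
# "Mon DD HH:MM:SS host prog[pid]: message" syslog layout.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Mar  3 10:15:03 web1 sshd[2203]: Failed password for invalid user admin from 198.51.100.7 port 40124 ssh2
Mar  3 10:15:05 web1 sshd[2205]: Failed password for root from 198.51.100.7 port 40126 ssh2
Mar  3 10:15:09 web1 sshd[2207]: Failed password for root from 198.51.100.7 port 40130 ssh2
Mar  3 10:15:11 web1 sshd[2209]: Failed password for root from 198.51.100.7 port 40131 ssh2
Mar  3 10:16:40 web1 sshd[2300]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2
Mar  3 10:20:15 web1 sshd[2350]: Failed password for alice from 192.0.2.44 port 51200 ssh2
Mar  3 10:20:30 web1 sshd[2351]: Accepted password for alice from 192.0.2.44 port 51201 ssh2
Mar  3 10:22:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SUDO_RE = re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

# Assumed detection thresholds for this example.
BRUTE_THRESHOLD = 5          # failed passwords from one source ...
BRUTE_WINDOW_SECONDS = 120   # ... within this sliding window


def parse_line(line, year=2024):
    """Split one syslog line into timestamp, host, program and message.
    Syslog lines carry no year, so one is supplied by the caller."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def analyze(log_text):
    """Run the two detection rules over the log text; return a list of alerts."""
    alerts = []
    failures = defaultdict(list)   # source IP -> timestamps of recent failures
    already_alerted = set()        # avoid one alert per extra attempt
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["prog"] == "sshd":
            m = FAILED_RE.search(ev["msg"])
            if not m:
                continue
            ip = m["ip"]
            failures[ip].append(ev["ts"])
            # Keep only attempts inside the sliding window.
            failures[ip] = [t for t in failures[ip]
                            if (ev["ts"] - t).total_seconds() <= BRUTE_WINDOW_SECONDS]
            if len(failures[ip]) >= BRUTE_THRESHOLD and ip not in already_alerted:
                already_alerted.add(ip)
                alerts.append({"rule": "ssh_bruteforce", "host": ev["host"],
                               "src": ip, "count": len(failures[ip]), "at": ev["ts"]})
        elif ev["prog"] == "sudo":
            m = SUDO_RE.match(ev["msg"])
            if m and m["target"] == "root" and "/etc/shadow" in m["cmd"]:
                alerts.append({"rule": "sudo_sensitive_file", "host": ev["host"],
                               "user": m["user"], "cmd": m["cmd"].strip(), "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a)
```

Running it on the sample yields two alerts: one brute-force alert for 198.51.100.7 (raised on the fifth failure, not repeated for later ones) and one for the sudo command reading /etc/shadow. Alice's single failed password followed by a successful login stays below the threshold and is not reported, which is the point of correlating events over a window rather than alerting on every failure line.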


1.04 - What is OSSEC HIDS again?

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.
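Of the functions listed above, integrity checking is the easiest to show in a few lines. The following is an added illustration of the idea (example code written for this page, not OSSEC's own implementation): record a baseline of SHA-256 digest, size and permission bits for every regular file under a directory, then compare a later snapshot against it and report files that were added, removed or modified. The demo() function builds a constructed scenario in a temporary directory; the file names and contents in it are made up.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def sha256_of(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative POSIX path) to its
    digest, size and permission bits. Symlinks are skipped so a link
    pointing elsewhere cannot stand in for the file it replaces."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": sha256_of(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o777,
            }
    return baseline


def compare(old, new):
    """Classify the differences between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in set(old) & set(new) if old[k] != new[k]),
    }


def demo():
    """Constructed scenario: take a baseline, then change one file,
    add one and delete one, and report what the comparison finds."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF fake binary for the example")
        before = build_baseline(root)

        # Simulated tampering: a second uid-0 account appended to passwd,
        # a new binary dropped into bin, and hosts deleted.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nextra:x:0:0::/:/bin/sh\n")
        (root / "bin" / "nc").write_bytes(b"\x7fELF another fake binary")
        (root / "etc" / "hosts").unlink()
        after = build_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The comparison reports etc/passwd as modified, bin/nc as added and etc/hosts as removed. In a real deployment the baseline must itself be protected (stored off-host or signed), otherwise whoever can change the files can also update the record they are checked against.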
