Hi,
I am looking for a good host-based IDS solution for Linux (one that inspects system calls, OS files, CPU usage, etc.; network traffic inspection is not relevant for this case).
Since I am using it for research purposes, I need it to give as output not only alerts, but also some quantitative measure of the risk to the system (such as an anomaly rate).
Does anyone have an idea of an existing IDS (maybe OSSEC will do the job)?
If not, do you have an idea how to build such an HIDS?
Thanks