HIPS/HIDS

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
I've been playing with Blink a little bit, and so far it isn't too bad. I've also been using OSSEC on my machines (except the Mac), and I definitely like it so far.

Just looking for other suggestions (both personal and enterprise).

Free is preferred, I'm poor.
 

chipy

Golden Member
Feb 17, 2003
1,469
2
81
It's been many years since I looked into stuff like this, but the last time I was researching stuff like this, Tripwire seemed to be one of the preferred tools by security experts.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: chipy
It's been many years since I looked into stuff like this, but the last time I was researching stuff like this, Tripwire seemed to be one of the preferred tools by security experts.

Tripwire's configuration management.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: John
I prefer virtualization over HIPS, so check out PowerShadow. Here's a massive thread about it on Wilders. SandboxIE and CyberHawk are popular freeware HIPS.

I'm more worried about the state of the system while it's running. I checked out CyberHawk and wasn't too impressed. Plus, it was only a 30-day trial.

I've heard of SandboxIE, but I haven't looked into it much. Isn't it for the browser only?
 

DaiShan

Diamond Member
Jul 5, 2001
9,617
1
0
Have you looked at Prelude and Prewikka (the front end)? Pretty cool stuff IMO. It's my next home project.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: DaiShan
Have you looked at Prelude and Prewikka (the front end)? Pretty cool stuff IMO. It's my next home project.

I've looked at it. It's definitely interesting, but I haven't had enough time to devote to getting it working.

OSSEC and sguil were much easier.
 

John

Moderator Emeritus
Elite Member
Oct 9, 1999
33,944
1
0
Originally posted by: n0cmonkey
Originally posted by: John
I prefer virtualization over HIPS, so check out PowerShadow. Here's a massive thread about it on Wilders. SandboxIE and CyberHawk are popular freeware HIPS.

I'm more worried about the state of the system while it's running. I checked out CyberHawk and wasn't too impressed. Plus, it was only a 30-day trial.

I've heard of SandboxIE, but I haven't looked into it much. Isn't it for the browser only?

How did you miss the free version? http://www.novatix.com/GetCyberhawk/

Get the Pro version for Free from this URL: http://www.novatix.com/cyberhawk/free/

Sandboxie is not just for IE. http://www.sandboxie.com/
 

kamper

Diamond Member
Mar 18, 2003
5,513
0
0
I was gonna try installing OSSEC on my Mac today. I wanted to set it up in a temp dir so I could see what was going on before letting it barf all over my file system. The installer refused to run without root. I promptly gave up.

I might try it this weekend using VMware.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: kamper
I was gonna try installing OSSEC on my Mac today. I wanted to set it up in a temp dir so I could see what was going on before letting it barf all over my file system. The installer refused to run without root. I promptly gave up.

I might try it this weekend using VMware.

Yeah, it needs root to install files into directories only root has access to...
 