Host-based intrusion detection system comparison

From Wikipedia, the free encyclopedia

Comparison of host-based intrusion detection system components and systems.

Free and open-source software


As per the Unix philosophy, a good HIDS is composed of multiple packages, each focusing on a specific aspect.

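| Package | Updated | Ubuntu Official Repositories | CentOS Official Repositories | openSUSE Official Repositories | File | Network | Logs | Config | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OSSEC | 2022 | No[1] | No[2] | Yes[3] | Yes | Yes | Yes | Yes | |
| Wazuh | 2022 | No | No | ? | Yes | Yes | Yes | Yes | |
| Samhain | 2021 | Yes[4] | No | Yes[5] | Yes | No | Partial[6] | | |
| Snort | 2018 | Yes[7] | No[8] | No | No | Yes | No | | |
| chkrootkit | 2023 | Yes[9] | No | Yes | Yes | No | Partial[10] | | |
| rkhunter | 2018 | Yes[11] | Yes[12] | Yes | Yes | No | No | Yes | |
| unhide[13] | 2012 | Yes[14] | Yes[15] | Yes | No | No | No | | proc ps compare |
| Sguil | 2017 | No | No | No | No | Yes | No | | |
| Logwatch[16] | 2017 | Yes[17] | Yes[18] | Yes | No | No | Yes | | |
| Logcheck[19] | 2017 | Yes[20] | Yes[21] | Yes | No | No | Yes | | |
| Epylog[22] | 2014 | Yes[23] | Yes[24] | Yes | No | No | Yes | | |
| SWATCH[25] | 2015 | Yes[26] | Yes[27] | Yes | No | No | Yes | | |
| sagan | 2021 | Yes[28] | No | No | No | No | Yes | | |
| aide | 2023 | Yes[29] | Yes[30] | Yes | Yes | No | No | | |
| tripwire | 2018 | Yes[31] | Yes[32] | Yes | Yes | No | No | | |
| Tiger | 2018 | Yes[33] | No | No | Yes | No | No | Yes | 3/42 modules are Debian specific. |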

Proprietary software

Package Year[34] Linux Windows File Network Logs Config Notes
Lacework 2018 Yes No Yes Yes Yes Yes
Verisys 2018 Yes Yes Yes Yes Yes
Nessus 2017 Yes Yes Yes
Atomicorp 2019 Yes Yes Yes Yes Yes Yes Commercially enhanced version of OSSEC
Spartan 2021 No Yes Yes Yes Yes Yes Websocket API, IP to Country mapping, DynDNS Integration
