
IDS/IPS (Intrusion Detection/Prevention System)

Definition

Network or host-based systems that inspect traffic or system calls for known attack patterns. An IDS generates alerts without blocking; an IPS sits inline and can drop malicious traffic. The distinction matters for tuning: prevention mode can block legitimate activity if rules are misconfigured.

Related terms

Alert correlation
The process of grouping multiple related events or alerts into a single higher-level alert representing one attack sequence. A correlation rule might...
Alert fatigue
The condition in which analysts receive more alerts than they can meaningfully review, leading to delayed responses, dismissed true positives, and reduced...
EDR (Endpoint Detection and Response)
An agent-based security tool deployed on individual endpoints (workstations, servers, mobile devices) that monitors process execution, file changes, network connections, and registry...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
SIEM (Security Information and Event Management)
A platform that aggregates log and event data from systems, networks, and applications across an environment, correlates events against detection rules, generates...

Explained in

  • Detection Sources and Alert Pipelines
