Intrusion Detection System (IDS)
Definition
A network or host-based monitoring system that analyses traffic or system behaviour against a rule set (signature-based) or a statistical baseline (anomaly-based) and generates alerts on matches. A network IDS (NIDS) such as Snort or Suricata sits on a SPAN (mirror) port or a network tap; a host IDS (HIDS) runs on individual endpoints.
Related terms
- DHCP lease log
- A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
- NetFlow
- A network protocol (originally Cisco, now standardised as IPFIX under RFC 7011) that records metadata about IP traffic flows: source and destination...
- PCAP (packet capture)
- A file format (and the process of creating it) that records every byte of every network packet passing a capture point, including...
- RADIUS log
- An authentication, authorisation, and accounting record produced by a Remote Authentication Dial-In User Service server. Each entry records the username, authenticating device...
- Syslog
- A standardised protocol (RFC 5424) for transmitting log messages from network devices to a centralised log server. Routers, switches, firewalls, and servers...
Explained in
- Network Evidence Sources and Their Forensic Value