Security Monitoring with Wazuh
A hands-on guide to effective enterprise security using real-life use cases in Wazuh

Product type: Paperback
Published in: Apr 2024
Publisher: Packt
ISBN-13: 9781837632152
Length: 322 pages
Edition: 1st Edition
Author: Rajneesh Gupta
Table of Contents

Preface
Part 1: Threat Detection
  Chapter 1: Intrusion Detection System (IDS) Using Wazuh
  Chapter 2: Malware Detection Using Wazuh
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
  Chapter 3: Threat Intelligence and Analysis
  Chapter 4: Security Automation Using Shuffle
  Chapter 5: Incident Response with Wazuh
  Chapter 6: Threat Hunting with Wazuh
Part 3: Compliance Management
  Chapter 7: Vulnerability Detection and Configuration Assessment
Chapter 8: Appendix
Chapter 9: Glossary
Index
Other Books You May Enjoy

What is an IDS?

An IDS works by monitoring network traffic, system logs, and other relevant data sources to identify patterns and signatures associated with known threats, or behavior that deviates from what is normal for the environment. Its primary goal is to detect potential threats or breaches and alert security administrators. When an IDS identifies suspicious behavior or a matching pattern, it generates an alert so the security team can investigate and take appropriate action. Unlike an intrusion prevention system (IPS), an IDS is passive: it raises the alert but does not itself block the traffic or process it flagged.
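The two detection styles the paragraph describes, matching a known signature and flagging abnormal frequency, can be shown in a few lines of Python. The block below is an added example and is not code from the book or from Wazuh's engine; the sshd log lines are constructed for the demo, and the rule IDs, threshold and time window are hypothetical values chosen here, not Wazuh's. Each failed-login line matches a signature and raises a low-level alert; five failures from one source IP inside a two-minute window raise a single higher-level alert, which is the kind of correlation a HIDS uses to turn noisy single events into a brute-force detection.

```python
"""Minimal IDS-style log analysis: signature matching plus frequency
correlation. Example code added for illustration; not Wazuh's implementation.
Log lines, rule IDs, threshold and window are constructed for this demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines in syslog format (not from a real host).
SAMPLE_LOGS = """\
Mar  9 10:00:01 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar  9 10:00:03 web01 sshd[2313]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Mar  9 10:00:04 web01 sshd[2315]: Failed password for root from 203.0.113.5 port 40126 ssh2
Mar  9 10:00:06 web01 sshd[2317]: Failed password for root from 203.0.113.5 port 40128 ssh2
Mar  9 10:00:07 web01 sshd[2319]: Failed password for root from 203.0.113.5 port 40130 ssh2
Mar  9 10:00:09 web01 sshd[2321]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  9 10:05:00 web01 sshd[2330]: Failed password for bob from 198.51.100.9 port 52000 ssh2
Mar  9 10:20:00 web01 sshd[2340]: Failed password for bob from 198.51.100.9 port 52002 ssh2
"""

# Decoder: splits a syslog line into timestamp, host, program and message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# Signature: the sshd message produced by a failed password authentication.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")

# Hypothetical rule IDs and thresholds chosen for this example (not Wazuh's).
RULE_SINGLE_FAILURE = 100001
RULE_BRUTE_FORCE = 100002
BRUTE_FORCE_THRESHOLD = 5                    # failures from one IP...
BRUTE_FORCE_WINDOW = timedelta(seconds=120)  # ...within this window


def parse_line(line, year=2024):
    """Return the syslog fields of one line, or None if it does not parse.
    Syslog carries no year, so one is supplied for the timestamp."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def analyze(log_text):
    """Return the alerts raised over the given log text.

    Level 5: every line matching the failed-password signature.
    Level 10: the first time one source IP reaches BRUTE_FORCE_THRESHOLD
    failures inside BRUTE_FORCE_WINDOW (frequency correlation)."""
    alerts = []
    failures_by_ip = defaultdict(list)  # ip -> timestamps of recent failures
    already_fired = set()               # ips that already raised the correlated alert
    for raw in log_text.splitlines():
        event = parse_line(raw)
        if not event or event["prog"] != "sshd":
            continue
        fm = FAILED_RE.search(event["msg"])
        if not fm:
            continue
        ip, user = fm["ip"], fm["user"]
        alerts.append({"rule": RULE_SINGLE_FAILURE, "level": 5, "ip": ip,
                       "user": user, "ts": event["ts"]})
        # Keep only failures inside the sliding window so a slow trickle of
        # failures spread over hours does not accumulate into a false alert.
        cutoff = event["ts"] - BRUTE_FORCE_WINDOW
        window = [t for t in failures_by_ip[ip] if t >= cutoff] + [event["ts"]]
        failures_by_ip[ip] = window
        if len(window) >= BRUTE_FORCE_THRESHOLD and ip not in already_fired:
            already_fired.add(ip)
            alerts.append({"rule": RULE_BRUTE_FORCE, "level": 10, "ip": ip,
                           "count": len(window), "ts": event["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

Running it yields seven level-5 alerts and one level-10 alert for 203.0.113.5; the two failures from 198.51.100.9 are fifteen minutes apart and never reach the threshold inside the window, which is the point of pruning by time rather than counting failures forever.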

Types of IDS

There are two main types of IDS: network-based IDS (NIDS) and host-based IDS (HIDS). The main difference between them is the monitoring scope and the kinds of activity they detect. The following table summarizes the differences:

Scope
  NIDS: Works at the network level, inspecting the traffic going to and from devices to look for abnormal behavior or events that might indicate an intrusion.
  HIDS: Is installed directly on the host and monitors log files, system calls, file integrity, and other host-specific data for unusual activity.

Location
  NIDS: Runs at one or more central points in the network infrastructure (for example a SPAN port, tap, or gateway) and analyzes the traffic passing through those points.
  HIDS: Runs locally on individual hosts or devices, watching actions that are specific to that machine.

Detection focus
  NIDS: Detects network attacks and anomalies, such as port scans, DoS attacks, intrusion attempts, and other threats to the network infrastructure.
  HIDS: Monitors host activity and detects unauthorized access, file system changes, modification of critical system files, and suspicious processes or behavior that may indicate a compromised host.

Popular tools
  NIDS: Suricata, Snort
  HIDS: Wazuh, OSSEC

Table 1.1 – NIDS versus HIDS
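The HIDS row lists file integrity among the things a host agent watches. The following Python block is an added example, not the book's code and not Wazuh's syscheck module; it builds a fake etc tree in a temporary directory (constructed data), takes a baseline of content hashes, sizes and permission bits, applies changes of the kind an intruder makes, and classifies the differences the way a FIM alert would. The scenario, file names and contents are invented for the demo.

```python
"""File integrity monitoring (FIM) in miniature: baseline a directory,
change files, report what differs. Example code added for illustration;
not Wazuh's implementation. The monitored tree is constructed in a
temporary directory so the script runs offline."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_fingerprint(path):
    """Attributes a HIDS typically tracks per file: SHA-256 of the
    contents, size in bytes, and permission bits."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}


def baseline(root):
    """Fingerprint every regular file under root, keyed by POSIX-style
    relative path so the result is comparable across runs."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old, new):
    """Classify differences between two baselines as FIM events:
    ('added'|'deleted'|'modified', path, changed_attributes_or_None)."""
    events = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            events.append(("added", path, None))
        elif path not in new:
            events.append(("deleted", path, None))
        else:
            changed = tuple(k for k in ("sha256", "size", "mode")
                            if old[path][k] != new[path][k])
            if changed:
                events.append(("modified", path, changed))
    return events


def demo():
    """Constructed scenario: a fake etc tree, then intruder-style changes.
    Returns the FIM events detected between the two baselines."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        (etc / "ssh").mkdir(parents=True)
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "motd").write_text("welcome\n")
        os.chmod(etc / "passwd", 0o644)
        before = baseline(etc)

        # Simulated compromise: UID-0 user appended, root login enabled,
        # motd removed, attacker key dropped, passwd made world-writable.
        with open(etc / "passwd", "a") as fh:
            fh.write("backdoor:x:0:0::/root:/bin/bash\n")
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (etc / "motd").unlink()
        (etc / "ssh" / "authorized_keys").write_text("ssh-ed25519 AAAA... attacker\n")
        os.chmod(etc / "passwd", 0o666)
        after = baseline(etc)
        return compare(before, after)


if __name__ == "__main__":
    for kind, path, detail in demo():
        print(f"{kind:9s} {path} {detail or ''}")
```

The hash catches the appended passwd entry and the flipped sshd_config value, the permission bits catch the chmod even when content is unchanged, and the set difference of paths catches the dropped key and the deleted motd; a real agent adds owner, inode and mtime, stores the baseline off-host, and runs in real time rather than on demand, but the decision logic is the same.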

In the following diagram, you can see that a NIDS is deployed to monitor network traffic while a HIDS monitors individual devices. In practice the two complement each other: a NIDS cannot inspect the contents of encrypted sessions, while a HIDS sees activity on the endpoint itself but only on hosts where its agent is installed and has not been tampered with.

Figure 1.1 – NIDS versus HIDS
