Systems monitoring
An important aspect of security monitoring is the monitoring of enterprise systems. Systems are the foundational component of the enterprise network where data is stored, processed, and interacted with through applications. There are multiple methods to monitor systems, but the focus of this section is specific to security monitoring of the operating system and critical application files. This is typically accomplished through a combination of the standard security tools such as anti-virus, host-based intrusion detection, host firewall, FIM, and monitoring of operating system event logs.
In some cases, a honeypot-type technology is used to learn behaviors of network users and detect attacks against critical systems. Newer open source tools such as Artillery, by Dave Kennedy (https://www.trustedsec.com/downloads/artillery/), are able to perform all of these functions including active responses to detected attacks providing immediate system protection. This is one example...
