oasis-tcs / openc2-ap-ids

OASIS OpenC2 TC: developing a concise and extensible language to enable the command and control of cyber defense components. https://github.com/oasis-tcs/openc2-ap-ids

IDS - HIDS or NIDS or both #1

Open sparrell opened 4 years ago

Vasileios-Mavroeidis commented 4 years ago

I haven't used multiple HIDS, so I can't claim a broadly educated opinion. Based on OSSEC, which I have used and have experience with, I can claim that a common AP for HIDS and NIDS (such as Suricata and Snort) would be adequate.

alevere commented 4 years ago

There is some functionality overlap, but the products in this space are different. I think it is a little early to decide on this. As an example, you could say detect hash abc123, which both a network sensor and a software agent could do. One may inspect network traffic and parse out data streams whereas the other may compute the hash based on a file open.
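To make the "detect hash abc123" point concrete, here is an added example written for this page (not code from the OpenC2 TC, this repository, or any IDS product). It models the same indicator being satisfied two ways: a host agent hashing file contents at a file-open event, and a network sensor reassembling a TCP stream (out-of-order and retransmitted segments included) before hashing. The sample payload and its hash are constructed; the request dict is an assumed shape that follows the OpenC2 Language Spec v1.0 "scan" action and "file" target with "hashes", since the IDS profile discussed here does not yet define its own.

```python
import hashlib
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample payload; its SHA-256 stands in for the "hash abc123" of the discussion.
SAMPLE_PAYLOAD = b"MZ\x90\x00 constructed sample payload, not real malware"
INDICATORS: Set[str] = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}

# Assumed request shape (OpenC2 LS v1.0 "scan" action, "file" target with "hashes");
# the eventual IDS profile may name the action and target differently.
REQUEST: Dict = {
    "action": "scan",
    "target": {"file": {"hashes": {"sha256": next(iter(INDICATORS))}}},
}


def host_hash_on_open(file_bytes: bytes) -> str:
    """HIDS view: the agent sees a file-open event and hashes the file contents."""
    return hashlib.sha256(file_bytes).hexdigest()


def reassemble_stream(segments: Iterable[Tuple[int, bytes]]) -> bytes:
    """NIDS view: rebuild one direction of a TCP stream from (relative_seq, data) segments.

    Segments may arrive out of order or be retransmitted. Overlapping bytes are trimmed,
    and a gap (missing segment) raises rather than producing a hash of partial data.
    """
    stream = bytearray()
    expected = 0  # next byte offset the stream still needs
    for seq, data in sorted(segments, key=lambda s: s[0]):
        end = seq + len(data)
        if end <= expected:
            continue  # pure retransmission of bytes already in the stream
        if seq > expected:
            raise ValueError(f"stream gap at offset {expected}, cannot hash reliably")
        stream += data[expected - seq:]  # drop the overlapping prefix, keep the new tail
        expected = end
    return bytes(stream)


def network_hash_from_segments(segments: Iterable[Tuple[int, bytes]]) -> str:
    """NIDS view: hash the reassembled stream, not the individual packets."""
    return hashlib.sha256(reassemble_stream(segments)).hexdigest()


def evaluate(request: Dict, observed_sha256: str) -> bool:
    """Shared decision logic: does the observed object match the requested file hash?"""
    wanted = request["target"]["file"]["hashes"]["sha256"]
    return observed_sha256 == wanted


def split_into_segments(payload: bytes, size: int) -> List[Tuple[int, bytes]]:
    """Constructed capture: cut the payload into fixed-size segments with relative seq numbers."""
    return [(i, payload[i:i + size]) for i in range(0, len(payload), size)]


def demo() -> Tuple[bool, bool]:
    """Run both sensor paths against the same indicator; returns (host_hit, network_hit)."""
    host_hit = evaluate(REQUEST, host_hash_on_open(SAMPLE_PAYLOAD))
    ordered = split_into_segments(SAMPLE_PAYLOAD, 7)
    # Deliver in reverse order and retransmit one segment to exercise the reassembler.
    captured = list(reversed(ordered)) + [ordered[1]]
    network_hit = evaluate(REQUEST, network_hash_from_segments(captured))
    return host_hit, network_hit


if __name__ == "__main__":
    print(demo())
```

The matching logic is identical for both sensors; what differs is how each obtains the bytes to hash, which is the functional overlap alevere describes alongside the product differences.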