Which HIDS is integrated into the Security Onion and uses rules to detect changes in host-based operating parameters caused by malware through system calls?


Which HIDS is integrated into the Security Onion and uses rules to detect changes in host-based operating parameters caused by malware through system calls?

  • OSSEC
  • Bro
  • Snort
  • Suricata

Explanation: OSSEC is a HIDS integrated into the Security Onion that uses rules to detect changes in host-based parameters such as the execution of software processes, changes in user privileges, and registry modifications, among many others. OSSEC rules will trigger on events that occur on the host, including indicators that malware may have interacted with the OS kernel. Bro, Snort, and Suricata are examples of NIDS.

More Questions: Modules 26 – 28: Analyzing Security Data Group Exam
