Host Intrusion Detection System Administrator's Guide Release 3.1

Automated Response
Introduction
Appendix B
188
If business continuity is important, then the machine must be restored to a known
safe state. If critical files have been modified, they can be restored from trusted
read-only media. See the examples in “Restoration of a known ‘good’ state” on page 207.