HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)
Figure 1 HP-UX HIDS Components
HP-UX HIDS monitors system activity by analyzing data from the following file sources:
• Kernel audit data
• System log files
HP-UX HIDS analyzes this information against its configured attack scenarios and identifies
possible intrusions and misuse as soon as suspect activity is observed. At the same time it sends
an alert, together with detailed information about the potential attack, to the HP-UX HIDS
System Manager.
Detection Templates
HP-UX HIDS includes a set of preconfigured patterns, known as detection templates. These templates
are the building blocks used to identify the basic types of unauthorized system activity or security
attacks frequently found on enterprise networks. You can customize the detection templates by
changing certain configurable parameters.
Surveillance Groups
A surveillance group typically consists of related detection templates; for example, those related
to file system intrusions or web server attacks. Each surveillance group provides protection against
one or more types of intrusion.
Surveillance Schedules
A surveillance group is scheduled to run regularly on one or more of the host systems it is protecting,
on one or more days of the week, and at one or more times. This process of configuring surveillance
groups to protect hosts on the basis of a regular weekly schedule is referred to as creating a
HP-UX HIDS Components 19
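The following Python sketch is an added illustration of the three building blocks described above: detection templates with configurable parameters, a surveillance group that bundles them, and a weekly schedule that decides when the group runs. It is not HP-UX HIDS code and does not reproduce the product's template format or data sources; the template names and parameters, the `run_group` function and the syslog-style records it reads are all constructed for this example.

```python
"""Illustrative detection engine: templates -> surveillance group -> schedule.
Added example, not HP-UX HIDS code. Everything below is assumed for illustration."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class DetectionTemplate:
    """A preconfigured pattern with tunable parameters (assumed design)."""
    name: str
    pattern: str                          # regex applied to each log record
    threshold: int = 1                    # matches needed before an alert fires
    window: timedelta = timedelta(minutes=5)
    key_group: Optional[str] = None       # named regex group to count matches per key


@dataclass
class SurveillanceGroup:
    """Related templates plus the weekly window in which they are active."""
    name: str
    templates: list
    days: set = field(default_factory=lambda: set(range(7)))  # 0 = Monday
    start_hour: int = 0
    end_hour: int = 24

    def is_active(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start_hour <= when.hour < self.end_hour


# Constructed syslog-style records (hypothetical host "hpux1"); not from a real system.
SAMPLE_LOG = """\
2011-04-12T09:58:01 hpux1 sshd[4211]: Failed password for root from 10.0.0.5
2011-04-12T09:58:03 hpux1 sshd[4211]: Failed password for root from 10.0.0.5
2011-04-12T09:58:05 hpux1 sshd[4211]: Failed password for root from 10.0.0.5
2011-04-12T09:58:06 hpux1 sshd[4211]: Failed password for root from 10.0.0.5
2011-04-12T09:59:10 hpux1 login[4300]: Failed password for guest from 10.0.0.9
2011-04-12T10:01:30 hpux1 sudo: alice : TTY=pts/0 ; COMMAND=/usr/bin/chmod 4755 /tmp/x
2011-04-12T10:02:00 hpux1 sshd[4400]: Accepted password for alice from 10.0.0.7
"""

# Two templates: a thresholded one (brute force per source) and a single-hit one.
BRUTE_FORCE = DetectionTemplate(
    "repeated-failed-logins",
    r"Failed password for (?P<user>\S+) from (?P<src>\S+)",
    threshold=3, window=timedelta(minutes=2), key_group="src")
SETUID_CHMOD = DetectionTemplate(
    "setuid-or-setgid-bit-set",
    r"COMMAND=\S*chmod\s+[2-7][0-7]{3}\b")   # mode with setuid/setgid bit

# Group active Monday-Friday, 08:00-18:00 (assumed schedule).
LOGIN_GROUP = SurveillanceGroup("login-and-privilege", [BRUTE_FORCE, SETUID_CHMOD],
                                days={0, 1, 2, 3, 4}, start_hour=8, end_hour=18)


def parse_record(line: str):
    ts, rest = line.split(" ", 1)
    return datetime.fromisoformat(ts), rest


def run_group(group: SurveillanceGroup, log_text: str, now: datetime) -> list:
    """Apply each template in the group over the records and return the alerts.
    Returns [] when `now` falls outside the group's weekly schedule."""
    if not group.is_active(now):
        return []
    alerts = []
    for tpl in group.templates:
        hits = {}  # key -> timestamps of matches inside the sliding window
        for raw in log_text.splitlines():
            ts, rest = parse_record(raw)
            m = re.search(tpl.pattern, rest)
            if not m:
                continue
            key = m.group(tpl.key_group) if tpl.key_group else "*"
            recent = [t for t in hits.get(key, []) if ts - t <= tpl.window]
            recent.append(ts)
            hits[key] = recent
            if len(recent) == tpl.threshold:   # fire once when the threshold is reached
                alerts.append({"template": tpl.name, "key": key,
                               "count": len(recent), "time": ts})
    return alerts


if __name__ == "__main__":
    for alert in run_group(LOGIN_GROUP, SAMPLE_LOG, datetime(2011, 4, 12, 10, 5)):
        print(alert)
```

Tuning `threshold` and `window` is the "configurable parameter" knob: the same template catches a slow password-guessing loop with a longer window, or stays quiet on a single typo with a higher threshold. The schedule check is deliberately the first thing `run_group` does, so a group that should not run on a given day or hour costs nothing.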