Host-based intrusion detection systems (HIDS), work by monitoring activity that is occurring internally on a host. HIDS look for unusual or nefarious activity by examining logs created by the operating system, looking for changes made to key system files, tracking installed software, and sometimes examining the network connections a host makes. AlienVault USM integrates HIDS with other key security controls to help you get the most out of host-based monitoring, including:
Analyzing system behavior and configuration status to track user access and activity
Detecting system compromise, modification of critical configuration files (e.g. registry settings, /etc/passwd), common rootkits, and rogue processes
Correlating HIDS data with known IP reputation, vulnerability scans and more
Logging and reporting for PCI compliance