Live Intrusion Detection System (IDS) Dashboard Demo

A demonstration of a free Intrusion Detection System with visual dashboard.

There are many IDS systems on the market; some of the best include Trend Micro Deep Security. However, these can be expensive.

Trend Deep Security IDS

Don't let cost put you off the added security benefits of implementing an IDS, though: there are some really good and well-respected open source (free!) alternatives out there, including Snort and my personal favourite, OSSEC (owned by Trend Micro). OSSEC stands for (somehow!) 'Open Source Host Intrusion Detection System Security', and it is fully compatible with AWS and Azure Cloud as well as on-premises environments. Just a note regarding Snort: it has a long heritage, but I'm not convinced it works in AWS or Azure, as I've tried in the past but failed.

OSSEC is compliant with the Payment Card Industry Data Security Standard (PCI DSS), which should reassure you of its competence. It also includes "active-response", an optional built-in component that lets OSSEC automatically block an attacker on your behalf.

OSSEC can be fully installed using just a handful of simple commands. There are some good third-party dashboards available for it from well-known vendors such as Splunk, and Kibana via Wazuh; however, these can be fiddly to implement, but they look really good! Have a look at our other IDS blog (What happens if you don't use IDS) to see screenshots of how good a dashboard can look.

However! This blog is all about IDS simplicity, and therefore I want to make the point that there's a native web user interface called Analogi which can be installed with only a few commands.

I've set up an Internet test web server, protected it with OSSEC and published the live dashboard for you to see. It's not as pretty as Kibana or Splunk, but it is informative. I should point out that the full interface is more advanced than what you'll see here, but I had to remove some of the functionality because it exposed too much information about my test server, which would make it easier to exploit! It would also normally be tuned to only show high-severity alerts so it doesn't create too much 'noise'; however, I've left it noisy so you've got something to see. Click the screenshot below.

IDS OSSEC Analogi Dashboard
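The two OSSEC behaviours mentioned above, alert-level tuning to cut the 'noise' and active-response blocking an attacker's source address, are both driven by the server's ossec.conf. The fragment below is an added example written for this post, not configuration taken from the demo server; the file path, the level thresholds and the 600-second timeout are illustrative choices, and the white-listed addresses are placeholders you would replace with your own management hosts so that active-response can never lock you out.

```xml
<!-- Added example fragment for /var/ossec/etc/ossec.conf (default OSSEC path).
     Thresholds, timeout and white-listed addresses are assumptions, not the demo's settings. -->
<ossec_config>
  <global>
    <!-- Never auto-block these sources: your own admin hosts and the server itself.
         Replace with your real management addresses before enabling active-response. -->
    <white_list>127.0.0.1</white_list>
    <white_list>^localhost.localdomain$</white_list>
    <white_list>192.0.2.10</white_list>
  </global>

  <alerts>
    <!-- The demo dashboard is deliberately noisy (default log_alert_level is 1).
         Raising it to 7 keeps only medium-and-higher severity alerts in alerts.log,
         which is what the dashboard reads. Email only for the most severe events. -->
    <log_alert_level>7</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>

  <!-- Define the response command: firewall-drop.sh is shipped with OSSEC and
       expects a source IP, which it adds to the host firewall's drop rules. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to alerts: any alert of level 6 or above triggers a block
       of the offending srcip on the local host, automatically lifted after 600 s
       so a false positive does not become a permanent outage. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

After editing, restart the OSSEC processes so the new thresholds and response bindings take effect, and confirm in active-responses.log that only non-white-listed sources are ever blocked.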