We have installed the IDS in a windows XP desktop as per the guide and everything seems to be okay. But the problem is we dont know/ have little knowledge ,about how to use the WINIDS in real time enviornment. Could anyone please guide us in this matter.
Post subject: RE: How to use the winids Posted: Dec 24, 2012 - 01:38 PM
Joined: Dec 17, 2012
Location: New Jersey
I got as far as getting it running. now i would think you need to figure out if everything's working.
i only get tcp traffic so i think somethings up with that for my install.
Post subject: RE: How to use the winids Posted: Feb 04, 2013 - 12:24 PM
Joined: Sep 04, 2003
East Coast - USA
Location: East Coast - USA
Only a portion of the rules are active. You might want to activate all rules to test the Windows Intrusion Detection System (WinIDS). Not good to run these in a production environment. This is how I test in my development box.
The stock activated rules are just a basic starting point.