In this article, I will write a write-up for IDS Fundamentals that covers What is an IDS, Types of IDS, IDS Examples: Snort, Snort Usage, and a Practical.
Can an intrusion detection system (IDS) prevent the threat after it detects it? Yea/Nay
Nay
Which type of IDS is deployed to detect threats throughout the network?
Network Intrusion Detection System
Which IDS leverages both signature-based and anomaly-based detection techniques?
Hybrid IDS
Which mode of Snort helps us to log the network traffic in a PCAP file?
Packet Logging Mode
What is the primary mode of Snort called?
Network Intrusion Detection System Mode
Where is the main directory of Snort that stores its files?
/etc/snort
Which field in the Snort rule indicates the revision number of the rule?
rev
Which protocol is defined in the sample rule created in the task?
icmp
What is the file name that contains custom rules for Snort?
local.rules
What is the IP address of the machine that tried to connect to the subject machine using SSH?
10.11.90.211
$ cd /etc/snort $ sudo snort -r Intro_to_IDS.pcap -c /etc/snort/snort.conf -A console
What other rule message besides the SSH message is detected in the PCAP file?
Ping Detected
What is the sid of the rule that detects SSH?
1000002
Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the Lab THM challenges. We can also connect more on LinkedIn or X.