Sobek-Hids is a Python-based host IDS capable of monitoring:

* Registry Changes
* File Activity
* Process Creation
* Printing Jobs
* External Drives (USB Disk Plugs)
* Shared Resources
* Windows Accounts
* Logon
* Firewall Changes

Installation
You need Python for Windows and the following packages:

* win32 extensions from Mark Hammond
* WMI module

Then download a copy of Sobek-Hids from the repository or as a zipped version:

* svn checkout http://sobek-hids.googlecode.com/svn/trunk/ sobek-hids-read-only
* http://sobek-hids.googlecode.com/files/sobek-hids.v0.1.zip

You can enable or disable individual modules and change the log file location in the config.cfg file:

```
[log]
file = c:\mon.log
verbose = debug
remoteip =

[process]
enable = True

[printer]
enable = True

[media]
enable = True

[file]
enable = True
pa
```
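
One way to check a config.cfg like the one above for monitoring gaps before deploying it, as an added example that is not part of Sobek-Hids. It is written for Python 3's `configparser`; `audit_config`, `MODULES` and `SAMPLE_CFG` are hypothetical names, the sample disables `[printer]` on purpose, and treating `remoteip` as a remote log destination is an assumption.

```python
import configparser

# Constructed sample: the fragment shown on the page, with [printer] switched
# off to produce a finding. [file] is cut off on the page; only "enable" is used.
SAMPLE_CFG = r"""
[log]
file = c:\mon.log
verbose = debug
remoteip =

[process]
enable = True

[printer]
enable = False

[media]
enable = True

[file]
enable = True
"""

# Only the module sections visible on the page; the real file may have more.
MODULES = ("process", "printer", "media", "file")


def audit_config(text):
    """Return a list of (severity, message) findings for a config.cfg text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for name in MODULES:
        if not cfg.has_section(name):
            findings.append(("warn", f"[{name}] section missing"))
        elif not cfg.getboolean(name, "enable", fallback=False):
            findings.append(("warn", f"[{name}] monitoring is disabled"))
    if not cfg.get("log", "file", fallback="").strip():
        findings.append(("error", "[log] file is not set"))
    # Assumption: remoteip names a remote log receiver; empty means local-only logs.
    if not cfg.get("log", "remoteip", fallback="").strip():
        findings.append(("info", "[log] remoteip is empty; log stays on the host"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CFG):
        print(f"{severity.upper():5} {message}")
```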