sobek-hids: Host Monitoring System

June 20, 2009 | Jaime Blasco

I’ve just created a google code’s project with some code I wrote some time ago. Sobek-Hids is a python based Host IDS system capable to monitor:

  • Registry Changes

  • File Activity

  • Process Creation

  • Printing Jobs

  • External Drives (USB Disk Plugs)

  • Shared Resources

  • Windows Accounts

  • Logon

  • Firewall Changes

    I hope I will have the time to continue and improve this couple of scripts.

    You can find it at sobek-hids

  • Jaime Blasco

    About the Author: Jaime Blasco

    Jaime Blasco is a renowned Security Researcher with broad experience in network security, malware analysis and incident response. At AT&T Cybersecurity, Jaime leads the Alien Labs Intelligence and Research team that leads the charge of researching and integrating threat intelligence into detection mechanisms. Prior to working at AT&T, Jaime was Chief Scientist at AlienVault. Prior to that, he founded a couple of startups (Eazel, Aitsec) working on web application security, source code analysis and incident response. He is based in San Francisco. Jaime's work in emerging threats and targeted attacks is frequently cited in international publications such as New York Times, BBC, Washington Post and Al Jazeera.

    Read more posts from Jaime Blasco ›


    Get the latest security news in your inbox.

    Subscribe via email


    Get price Free trial