Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents.
Source(s):
NIST SP 800-137, under Intrusion Detection and Prevention System (IDPS)
NISTIR 7298
NIST SP 800-61 Rev. 2, under Intrusion Detection and Prevention System (IDPS)
NISTIR 7621 Rev. 1, under Intrusion Detection / Prevention System
NIST SP 800-61 Rev. 2
An appliance or software product that provides complementary security services to a personal firewall, monitoring and analyzing the internal state of a client device. IDPS products review logs to ensure that the system and applications are not functioning unexpectedly, such as applications inexplicably accessing or altering other portions of the system. Several host-based IDPS software products also monitor inbound and outbound network communications and report or possibly block suspicious activity.
Source(s):
NIST SP 800-127 [Withdrawn]