Symantec Host IDS installs HIDS Agents and SESA Agents on the client computers, and SESA Server Extensions on the SESA Manager. The HIDS Agent monitors system activities and reports events to the SESA Manager. HIDS uses the SESA Console to manage the agents, to view events, to create reports, and to send alerts and notifications.
The SESA Console is the browser-based console for the Symantec Enterprise Security Architecture (SESA). SESA is an underlying software infrastructure that integrates multiple Symantec and third-party products to provide flexible control of security within organizations. Through the SESA management framework, these products protect your IT infrastructure from malicious code, intrusions, and blended threats. You can monitor and manage security-related events through the SESA Console.
Security Updates are available for download from the Symantec Web site. They provide critical security content and policies to support new operating system versions, collector configurations, and other security content.
Symantec provides pre-configured policies for selected technologies and third-party programs. Symantec does not provide support for these policies. The policies are available on the Symantec Unsupported Tools page for Symantec Host IDS.
Symantec Host IDS 4.1 and 4.1.1 contain the following key new features:
- Intrusion prevention capabilities with process management functionality, including reporting, blocking, and monitoring of key processes.
- The ability to receive and view Symantec Intruder Alert 3.6 events through the Symantec Intruder Alert SESA Bridge.
- Integrated policy editor functionality.
Symantec Host IDS 4.1.1 adds support for additional versions of selected operating systems. Depending on your operating system, use either version 4.1 or version 4.1.1 with the latest build. For a list of the latest build for each operating system, read Obtaining the latest build of Symantec Host IDS 4.1 and 4.1.1. HIDS 4.1.1 Managers fully support HIDS 4.1 Agents.
Installing the SESA Server Extensions for Symantec Host IDS 4.1 and 4.1.1
Symantec Host IDS Notifications compatibility with SESA
What's new in Symantec Host IDS 4.1.1
Contents of the Readme.txt file for Symantec Host IDS 4.1.1
Changes made by the Symantec Host IDS Agent installation to the UNIX operating system
Enabling Symantec Host IDS 4.1 and 4.1.1 support for SESA 2.0
Installing LiveUpdate for Symantec Host IDS on SESA 2.0
Additional tools and related products for Symantec Host IDS include the following:
Alerting and notifications tool
The Symantec Host IDS Notifications tool provides alerting and notification features that enhance Symantec Host IDS. In addition to severity, time, and product information, you can use this tool to configure email and SNMP alerts in order to see the details of how an event was triggered and the computer that it was triggered on.
The initial release, build 1.0, supports Symantec Host IDS 4.1.1 and SESA 1.1.5.
The DMU.zip file contains the SESA 2.0.1 version of the SESA Data Maintenance Utility, which enables you to archive, purge, copy, and move data in any SESA DataStore.
Symantec Event Manager for Intrusion Protection
Symantec Host IDS 4.1.1 includes Symantec Event Manager for Intrusion Protection. This program provides intrusion detection information through the SESA Console, which enables you to see a consistent, holistic view of your IDS security posture for events that are reported by the following Symantec programs:
- Symantec Host IDS
- Symantec ManHunt
- Symantec Decoy Server
- Symantec Event Collectors for IDS products
- ManHunt Smart Agent events, through Symantec ManHunt
- Symantec Gateway Security
For more information, read the document Introduction to Symantec Event Manager for Intrusion Protection.
ITA 3.6 bridge for SESA
The Symantec Intruder Alert SESA Bridge enables you to send events from an Intruder Alert 3.6 Manager to a Symantec Enterprise Security Architecture (SESA) 2.0 or later Manager. You can then view the events in the SESA Console in the same way that you view Symantec Host IDS events in the console. This version works on the Solaris 8 SPARC operating system.