Security Solutions: IDS Fundamentals (TryHackMe)

In this article, I will write a write-up for IDS Fundamentals that covers What is an IDS, Types of IDS, IDS Examples: Snort, Snort Usage, and a Practical.

1. Can an intrusion detection system (IDS) prevent the threat after it detects it? Yea/Nay Nay

2. Which type of IDS is deployed to detect threats throughout the network? Network Intrusion Detection System

3. Which IDS leverages both signature-based and anomaly-based detection techniques? Hybrid IDS

4. Which mode of Snort helps us to log the network traffic in a PCAP file? Packet Logging Mode

5. What is the primary mode of Snort called? Network Intrusion Detection System Mode

6. Where is the main directory of Snort that stores its files? /etc/snort

7. Which field in the Snort rule indicates the revision number of the rule? rev

8. Which protocol is defined in the sample rule created in the task? icmp

9. What is the file name that contains custom rules for Snort? local.rules

10. What is the IP address of the machine that tried to connect to the subject machine using SSH? 10.11.90.211

    $ cd /etc/snort $ sudo snort -r Intro_to_IDS.pcap -c /etc/snort/snort.conf -A console

    

    

11. What other rule message besides the SSH message is detected in the PCAP file? Ping Detected

12. What is the sid of the rule that detects SSH? 1000002

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the Lab THM challenges. We can also connect more on LinkedIn or X.