No more DIY: Athena NetFlow, Athena CTI, Athena Netica and Athena Logtica, combined with a just-enough operating system (JeOS) tuned to run in a virtual machine, are up and running in minutes.
Statistical Anomaly rules monitor collected server logs and alert on any sudden increase in a number of indicators; Behavioural Anomaly rules detect, for example, privileged access from new network locations, etc.
Monitor all user logons in a domain and flag events such as the creation of a privileged account at 3 a.m. this morning, or excessive file access on a file server by a single user account, etc.
Detect an attempt to read /etc/passwd, an obvious Local File Inclusion attempt; or an attacker who uploaded a web shell and is now accessing it on the web server, with response code 200, etc.
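As an added illustration of the two web-server log rules described above (this is example code, not Athena's own), the following Python sketch flags both patterns over constructed Common Log Format lines; the upload directory and the set of script extensions are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:03:02:11 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:03:02:15 +0000] "GET /index.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1043
10.0.0.9 - - [01/Jan/2024:03:04:40 +0000] "POST /uploads/avatar.php HTTP/1.1" 200 77
10.0.0.7 - - [01/Jan/2024:03:05:01 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 20480
10.0.0.9 - - [01/Jan/2024:03:05:30 +0000] "GET /uploads/old.php HTTP/1.1" 404 0
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')
SCRIPT_EXT = (".php", ".jsp", ".asp", ".aspx")  # assumed server-side script extensions
UPLOAD_DIR = "/uploads/"                         # assumed user-writable upload directory

def parse(line):
    """Split one CLF line into its fields; the request target is URL-decoded twice
    so that single- and double-encoded paths are compared in plain form."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status, _size = m.groups()
    return {"ip": ip, "ts": ts, "method": method,
            "target": unquote(unquote(target)), "status": int(status)}

def detect(log_text):
    """Return (rule, source_ip, request_target) tuples for the two rules:
    an LFI attempt (traversal or /etc/passwd in the target) and a successful
    request (HTTP 200) for a script file under the upload directory."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        t = rec["target"]
        if "/etc/passwd" in t or "../" in t:
            alerts.append(("LFI attempt", rec["ip"], t))
        path = t.split("?", 1)[0].lower()
        if path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXT) and rec["status"] == 200:
            alerts.append(("web shell access", rec["ip"], t))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The 404 for /uploads/old.php is deliberately not flagged: the rule fires only when the server actually served the script, which is the "response code 200" condition in the text.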
File Integrity Monitoring discovers that a new scheduled job was created; Performance Monitoring discovers that CPU utilisation has exceeded 85% for the past hour, etc.
WebWatch downloads designated web pages periodically to verify their availability and check for the presence of malicious content; DNSWatch periodically checks online whether the mapping between a DNS hostname and its IP address(es) has changed.