Endpoint Defense

Defensive technologies that install directly on the endpoint (machine)

OSSIM

OSSIM is the de facto standard open source SIEM. The goal of AlienVault's OSSIM is to provide a comprehensive compilation of tools that work together to give a detailed view of every aspect of your networks, hosts, physical access devices, servers, etc.

Sysinternals Suite

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

Tripwire

Tripwire is a host-based intrusion detection system for Linux. It monitors a Linux system to detect and report any unauthorized changes to files and directories. Once a baseline is created, Tripwire monitors and detects which files were added, which files were changed, what was changed, who changed it, and when it was changed. If the changes are legitimate, you can update the Tripwire database to accept them.

Snare Agent

The Snare and Epilog agents, from InterSect Alliance, are considered to be the de facto industry standard for event log and audit log collection.
The agents are available in two different versions:
• The Snare and Epilog Enterprise Agents: the industry standard for capturing and filtering audit and event log data, in a supported package and with an enterprise-level feature set, including guaranteed delivery, encryption, and custom event sources.

• Snare and Epilog Open Source editions: audit and event log collection, with code available under the terms of the GNU Public License.

Can also be used to delete audit logs.

Ldap Admin and Ldap Admin Pro

LDAP Admin Tool helps users and administrators accomplish LDAP administration operations in a few mouse clicks: view and edit data, including binary data and images; export and import data to and from the most popular file formats; edit attributes using different editors; manage LDAP users and their privileges; and employ many other admin and user functions. LDAP Admin Tool also provides SQLLDAP support, which allows users to query LDAP using SQL-like syntax, mass-update records with SQL-like syntax, and export/import records as update, delete and insert statements.

PsTools

PsTools is a suite of tools that allows many things, including remote execution, process monitoring, viewing logged-on users, and more.

ComboFix

ComboFix is a multipurpose virus removal program that scans the boot sector of the hard drive, checks and replaces system files, and removes rootkits. On top of all this, it also removes all types of other viruses.

OpenSSH

OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Vision

Reports all open TCP and UDP ports and maps them to the owning process or application.

Vision, a host-based forensic utility, is the GUI successor to the well-known freeware tool Fport. This innovative new product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications. Vision allows users to access a large amount of supplementary information that is useful for determining host status by displaying detailed system information, running applications, and the processes and ports in use.

Key Features
Interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of information to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.

View system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order.

Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.

Q. Will Vision work on Windows 9x, Me, or XP?
A. Vision will not work on Windows 9x, or Me. It will work with Windows XP.

Q. I get “Must be Admin” error when trying to launch. I am the Administrator, so what’s the problem?
A. Check to ensure that the NBT (NetBIOS over TCP/IP) binding is enabled. In NT 4 this is done in your network interface bindings. Under Win2k, check to ensure that you have the TCP/IP NetBIOS Helper service enabled.

System Requirements
NT 4 / Windows 2000
NT 4 needs psapi.dll
800x600 resolution minimum
256 colors minimum

OVAL

OVAL's reference interpreter shows how information can be collected from a computer, how definitions can be used to test the system for vulnerabilities, configuration issues, programs, and patches, and how the results of those tests can be presented.

OVAL is an international information security community standard that has been designed to:

• Promote open and publicly available security content;

• Standardise the transfer of this information across the entire spectrum of security tools and services.

OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardises the three main steps of the assessment process:

• Representing configuration information of systems for testing;

• Analysing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.);

• Reporting the results of this assessment.

One of the minor drawbacks of using the MITRE OVAL framework is that it is command-line based, which can prove time consuming when scans and updates to the framework need to be performed. SSA has been designed to add a graphical front-end to this process and also provides a great deal more extensibility when utilising the framework in conjunction with their tool.
