Host Intrusion Detection

Host Intrusion Detection (HID) is a beta Compliance Reporter feature that monitors all the locations where malware can persist on a computer, such as LaunchDaemons folders and other background app launch mechanisms. The following are monitored by HID in beta 1:
  • File locations where software can establish persistence on the host.
  • Sensitive services, such as SSH and file sharing configuration files.
  • All events designed to be tightly interlinked and enriched with the primary Compliance Reporter telemetry data stream.

In beta 1, the HID logs will retain their FILE_EVENT format.