- User-specified detection to look for specific events in the Windows Event Log
- Alert via email or execute a command
- Local port correlation to identify remote IP address
Rhythm Host Intrusion Prevent System (RHIPS) is a log file monitor IDS/IPS for Windows. RHIPS can alert you via email or execute a custom command when an event matches the detection criteria. For both alerting and response, you specify the number of instances that must occur before RHIPS alerts or takes action. When a command action is specified, another command can be run later on a timed basis. Port-to-IP address correlation allows the connecting IP address to be identified and action to be taken against it. Action against an IP address is taken with token variables that can be specified in the command line. These token variables are replaced by the actual data.
- %TAB% - Tab character
- %EDT% - Event date and time
- %EDTF% - Event date and time format to replace spaces " ", colons ":" and forward slashes "/"
- %CDT% - Current date time
- %CDTF% - Current date time format to replace spaces " ", colons ":" and forward slashes "/"
- %LIP% - Local IP address
- %RIP% - Remote IP address
- Tested on Windows XP, Windows
IP address correlation requires that the Windows firewall be enabled and set to log successful connections.
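The port-to-IP correlation and token replacement described above, sketched as an added example; this is not RHIPS code. It assumes a W3C-style firewall log with a `#Fields:` header; the log lines, addresses and function names are constructed for illustration, and the addresses are validated before they reach a command line.

```python
import ipaddress

# Constructed sample of a firewall connection log (assumed W3C layout).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 10:22:29 ALLOW TCP 198.51.100.20 192.168.1.10 49877 445 0 - 0 0 0 - - - RECEIVE
2024-01-15 10:22:31 ALLOW TCP 203.0.113.7 192.168.1.10 51234 3389 0 - 0 0 0 - - - RECEIVE
2024-01-15 10:22:40 DROP TCP 203.0.113.9 192.168.1.10 40000 3389 0 - 0 0 0 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def correlate(text, local_port):
    """Return (local_ip, remote_ip) of the newest successful inbound
    connection to local_port, or None if the log holds no such record."""
    match = None
    for rec in parse_firewall_log(text):
        if (rec["action"] in ("ALLOW", "OPEN")
                and rec.get("path") in (None, "RECEIVE")
                and rec["dst-port"] == str(local_port)):
            match = rec  # later lines are newer
    if match is None:
        return None
    # ip_address() raises ValueError on anything that is not an address,
    # so malformed log data never becomes part of a command line.
    lip = str(ipaddress.ip_address(match["dst-ip"]))
    rip = str(ipaddress.ip_address(match["src-ip"]))
    return lip, rip

def expand_tokens(template, event_time, lip, rip):
    """Replace the %TAB%, %EDT%, %LIP% and %RIP% tokens in a command template."""
    for token, value in (("%TAB%", "\t"), ("%EDT%", event_time),
                         ("%LIP%", lip), ("%RIP%", rip)):
        template = template.replace(token, value)
    return template
```

A dropped connection to the same port is ignored, which matches the requirement that successful connections be logged.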
V 1.0.3 - Added default configuration. Update API URL for Metadefender. Beta link
V 1.0.2 - Added process monitoring functionality (log only). Minor tweaks.
V 1.0.1 - Bug fix for time measurement to look back in logs. Added tray icon
V 1.0 - First public released version.
Special thanks to the following people for allowing the use of their code:
Sergey Merzlikin - http://www.smsoft.ru
Karl E. Peterson - http://www.mvps.org/vb
Microsoft, Windows XP, Windows Vista, Windows 7 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Trademarks are the properties of their respective owners.