An Intrusion Detection System (IDS) is a security tool that continuously monitors a network or system for unusual activity and generates alerts when it detects something suspicious. These alerts are then reviewed by a security operations center (SOC) analyst or incident responder, who can investigate the issue and take action to address any potential threats.

[ 007 ].[ 01 ].- Host-Based IDS (HIDS)

A host-based Intrusion Detection System (HIDS) is a security tool that is installed on a specific endpoint, such as a computer or server, and is designed to protect that endpoint from internal and external threats. It can monitor network traffic, track running processes, and review system logs on the host machine to identify potential security issues. A HIDS has a limited scope of visibility, since it can only monitor activity on its own host, but it has a deep understanding of the inner workings of that particular endpoint.

[ 007 ].[ 02 ].- Network-Based IDS (NIDS)

A network-based Intrusion Detection System (NIDS) is a security tool that is designed to monitor an entire protected network for unusual activity. It has visibility into all the traffic that flows through the network and can analyze both the metadata and the contents of packets to identify potential threats. This wider scope of visibility allows a NIDS to detect widespread threats, but it does not have access to the inner workings of the endpoints on the network.
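
The scope trade-off between the two types, as an added example that is not part of the original page: a same-port sweep across five hosts trips a rule that runs over network-wide flow metadata, while a comparable threshold rule running on any single endpoint sees only one connection from that source. The flow records, addresses, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow metadata (not real traffic): (epoch_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    (100, "10.0.9.50", "10.0.1.11", 445),
    (101, "10.0.9.50", "10.0.1.12", 445),
    (102, "10.0.9.50", "10.0.1.13", 445),
    (103, "10.0.9.50", "10.0.1.14", 445),
    (104, "10.0.9.50", "10.0.1.15", 445),
    (105, "10.0.2.20", "10.0.1.11", 443),
    (106, "10.0.2.20", "10.0.1.11", 443),
    (400, "10.0.2.21", "10.0.1.12", 22),
]

def network_view_alerts(flows, min_hosts=5, window=60):
    """NIDS-style rule: one source reaching many distinct hosts on the same
    port within `window` seconds. Returns a sorted list of (src, port, hosts)."""
    by_key = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        by_key[(src, port)].append((ts, dst))
    alerts = []
    for (src, port), events in by_key.items():
        start, best = 0, set()
        for end in range(len(events)):
            # Advance the window start until the span is at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {dst for _, dst in events[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            alerts.append((src, port, sorted(best)))
    return sorted(alerts)

def host_view_alerts(flows, host, min_conns=5, window=60):
    """HIDS-style rule on one endpoint: it only sees flows addressed to
    `host`, so it counts inbound connections per (source, port)."""
    local = [f for f in flows if f[2] == host]
    counts = defaultdict(list)
    for ts, src, _, port in sorted(local):
        counts[(src, port)].append(ts)
    return sorted(
        key for key, times in counts.items()
        if any(sum(1 for t in times if 0 <= t - t0 <= window) >= min_conns for t0 in times)
    )

if __name__ == "__main__":
    print(network_view_alerts(FLOWS))
    print({h: host_view_alerts(FLOWS, h) for h in ("10.0.1.11", "10.0.1.12")})
```
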