An intrusion detection system that provides network-based and host-based analyzers for network traffic and host systems, respectively, and supplies log and alert data for detecting events and activity. It is a rule-based system that inspects network traffic for fingerprints and identifiers that match known malicious, anomalous or otherwise suspicious traffic. Its endpoint security component performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. For an analyst, being able to correlate host-based events with network-based events can be the difference in identifying a successful attack.
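
The correlation described above, as an added example (not code from any product this page describes): it pairs constructed network alerts with constructed host alerts raised on the destination host shortly afterwards, so an alert backed by a host-side change stands out from an attempt seen only on the wire. The record fields, the five-minute window and the verdict labels are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not output of a real sensor); field names are assumptions.
NETWORK_ALERTS = [
    {"ts": "2024-05-01T10:00:05", "src": "203.0.113.7", "dst": "10.0.0.15",
     "sig": "web application attack signature"},
    {"ts": "2024-05-01T10:03:00", "src": "203.0.113.7", "dst": "10.0.0.22",
     "sig": "web application attack signature"},
    {"ts": "2024-05-01T11:30:00", "src": "198.51.100.9", "dst": "10.0.0.15",
     "sig": "port scan"},
]
HOST_ALERTS = [
    {"ts": "2024-05-01T10:00:40", "host": "10.0.0.15", "kind": "file_integrity",
     "detail": "checksum changed: /var/www/html/index.php"},
    {"ts": "2024-05-01T09:10:00", "host": "10.0.0.22", "kind": "log_analysis",
     "detail": "sshd: accepted login"},
    {"ts": "2024-05-01T12:45:00", "host": "10.0.0.15", "kind": "rootkit_check",
     "detail": "hidden process found"},
]

def correlate(network_alerts, host_alerts, window=timedelta(minutes=5)):
    """Pair each network alert with host alerts on its destination host that
    occur at or after the network alert and no later than `window` after it."""
    by_host = {}
    for h in host_alerts:
        by_host.setdefault(h["host"], []).append((datetime.fromisoformat(h["ts"]), h))
    results = []
    for n in network_alerts:
        n_ts = datetime.fromisoformat(n["ts"])
        candidates = sorted(by_host.get(n["dst"], []), key=lambda p: p[0])
        matches = [h for h_ts, h in candidates
                   if timedelta(0) <= h_ts - n_ts <= window]
        results.append({"network": n, "host_events": matches,
                        "verdict": "corroborated" if matches else "network-only"})
    return results

def triage(results):
    """Order corroborated alerts first, then by time of the network alert."""
    return sorted(results,
                  key=lambda r: (r["verdict"] != "corroborated", r["network"]["ts"]))

if __name__ == "__main__":
    for r in triage(correlate(NETWORK_ALERTS, HOST_ALERTS)):
        n = r["network"]
        print(f'{r["verdict"]:13} {n["ts"]} {n["src"]} -> {n["dst"]} {n["sig"]}')
        for h in r["host_events"]:
            print(f'    host {h["ts"]} {h["kind"]}: {h["detail"]}')
```

Host events that precede the network alert are deliberately not matched, which is why the earlier login on 10.0.0.22 does not corroborate the later alert against that host.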