2

I need to give a presentation regarding Snort and Security Auditing. I have recently learned to configure Snort as a NIDS. I want to know: is there any way I can configure Snort as an HIDS? If I update the variable HOME_NET to my IP, it'll log all ingress and egress traffic, but is there a way to make it log all application and events occurring in a system?

Thank you in advance.

Anurag

1 Answer

4

No, Snort is not designed to log all application and events occurring in a system. A HIDS is not just a NIDS limited to just one host; it's a separate and additional layer of protections that can only be performed locally (like looking at files, processes, logs, and user contexts). Snort doesn't even try to do any of that.

gowenfawr