CyberCop Monitor is a hybrid host/network based IDS that analyzes network traffic to and from the host as well as Windows NT EventLog audit trails and Windows NT authentication activity.
Developed under the Microsoft Management Console user interface, both CyberCop Monitor and the SMI Console integrate to provide an easy to use graphical interface for local / remote reporting, and remote installation.
Configuration editor allows for custom settings and thresholds to suit every environment, including security profiles, account groups, time and subnets.
Extensive filtering using ordered filter rules for each signature.
Report coalescing feature suppresses denial of service on the IDS itself.
Report collating of monitoring and scanning information per system with trend analysis options, including 3D charting and graphing from an SQL database.
CyberCop Monitor was written from the ground up by NAI. There is NO connection with the CyberCop Network v.1.0 product developed by Network General/WheelGroup or the Haystack product from TIS - This was aging technology and shelved some months after each subsequent acquisition.