Now we've touched on waza or OS second and earlier lesson, so we won't cover two extensively here. But let's at least talk a bit more about its functionality was a is used as a host intrusion detection system that can be configured to alert or block on certain things. How can alert on such things as check some integrity is being changed. Users logging in or failing toe Le Guin root kits and other such things. Nosa can be installed on most major operating systems and security. Onion can gather the logs from up to 14,000 and points.
The value of using Rosa is that it gives visibility into what's actually happening on your end points. Network traffic is all fine and dandy, but if you really want to know what's happening on a computer, you need local logs. Was akan give you those logs and can alert on specific things? It's potentially pretty powerful if deployed properly. Now I've stumbled upon unauthorized network scans just by looking at was all logs, so I I'd recommend looking more into it. If you are interested in it,