# Security Solutions: IDS Fundamentals (TryHackMe)

In this article, I will write a write-up for IDS Fundamentals that covers What is an IDS, Types of IDS, IDS Examples: Snort, Snort Usage, and a Practical.

1. Can an intrusion detection system (IDS) prevent the threat after it detects it? Yea/Nay `Nay`
    
2. Which type of IDS is deployed to detect threats throughout the network? `Network Intrusion Detection System`
    
3. Which IDS leverages both signature-based and anomaly-based detection techniques? `Hybrid IDS`
    
4. Which mode of Snort helps us to log the network traffic in a PCAP file? `Packet Logging Mode`
    
5. What is the primary mode of Snort called? `Network Intrusion Detection System Mode`
    
6. Where is the main directory of Snort that stores its files? `/etc/snort`
    
7. Which field in the Snort rule indicates the revision number of the rule? `rev`
    
8. Which protocol is defined in the sample rule created in the task? `icmp`
    
9. What is the file name that contains custom rules for Snort? `local.rules`
    
10. What is the IP address of the machine that tried to connect to the subject machine using SSH? `10.11.90.211`
    
    `$ cd /etc/snort $ sudo snort -r Intro_to_IDS.pcap -c /etc/snort/snort.conf -A console`
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1730653927526/d78ee52f-8edb-4cf0-8e53-44d6a11ce0ab.png align="center")
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1730653906476/41b4aff4-67f5-427f-8d5c-f5f486408732.png align="center")
    
11. What other rule message besides the SSH message is detected in the PCAP file? `Ping Detected`
    
12. What is the sid of the rule that detects SSH? `1000002`
    

Thank you for reading my article. Please leave any questions or comments on improving my learning journey and the Lab THM challenges.
