LoginIDS provides functions to analyze log files from different services in order to detect unusual login behavior. The normal user behavior is learned by analyzing log files and saved in a database. Logins are analyzed by time, service, source, and destination address. If a user's login is new or considered unlikely by LoginIDS, an alert is generated. Alerts can be handled by external scripts and viewed using the log file management system Splunk and the LoginIDS App.
Dr. PortScan is a tool for the automatic analysis of port scans in large and complex network infrastructures. The differences between successive scans of a network can be sent as reports at regular intervals to predefined admins. It uses port scans generated with nmap by default.