Details of the eXpert-BSM capabilities are available in the eXpert-BSM and
Graphical User Interface Manuals.
SRI provides this release of eXpert-BSM as a stand-alone intrusion
detection system for Sun Microsystems Solaris operating systems
for use on a single host system for internal evaluation purposes
only. For more information regarding advanced features and technical
support, please contact
For those who would like to license this component for operational
deployment in multi-host, enterprise-wide deployments, we provide a
full-featured, advanced version of eXpert-BSM which includes the following
Value-added services from SRI: the EMERALD development team
can also be engaged for these additional services associated
with use of eXpert-BSM:
Multi-host alert management - with additional components, users
can consolidate and analyze alerts from a suite of distributed
eXpert-BSM or other EMERALD monitors.
DBMS services - users can manage and view alerts from a distributed
suite of eXpert-BSM or other EMERALD monitors using our relational
database interface component. We currently support Oracle and Postgres.
Our Multi-host Database User Interface Manual [pdf], presents eAMI v1.3, which allows users to manage alerts from a suite of eXpert-BSM monitors deployed across a network of Solaris hosts.
Alert translation services - additional EMERALD components allow
users to translate EMERALD alert reports into a variety of binary
and ascii formats.
eResponder - a countermeasure invocation system, tightly coupled
with eXpert-BSM, which provides both automated and manual response
directive execution. [under development]
Consulting services - SRI can negotiate contracts for technical
support, consulting services, and feature extensions for use with
this and other EMERALD components.
Knowledge-base updates - licensed users will receive any updates
to the eXpert-BSM intrusion detection knowledge-base produced by SRI.