A systems administrator receives an alert for a critical web server. The alert indicates that a user account, not associated with any administrator, attempted to modify a core operating system configuration file. The action was logged and an alert was sent, but the system did not block the action. Which of the following host security measures MOST likely generated this alert?
A Host Intrusion Detection System (HIDS) is designed to monitor a host for suspicious activity, such as unauthorized file modifications, and generate alerts. It operates in a passive, detective mode and does not actively block the malicious behavior itself, which aligns with the scenario where the action was logged and alerted on but not prevented. A Host Intrusion Prevention System (HIPS) is an active security measure that would have attempted to block the unauthorized modification. Antivirus software primarily scans for known malware signatures and is less focused on policy-based file modification attempts. A Hardware Security Module (HSM) is a physical device for managing cryptographic keys and is not involved in monitoring file system integrity or user activity on the host OS.