Intrusion detection data sources provide audit data used to determine whether an intrusion has occurred. Many previous sources provided only syslog data.
Previous intrusion detection data sources suffered from numerous deficiencies. For example, many sources always produce data, produce ambiguous data, deliver data too slowly, negatively impact system throughput, and store information from a system call in several records, which makes the records difficult to access.