What should a properly functioning IDS alert you about?

A properly functioning Intrusion Detection System (IDS) is designed primarily to identify and alert security personnel to signs of potential breaches or attacks. This includes detecting unauthorized access attempts, suspicious network traffic patterns, malware activity, and other indications that a security threat may be present.

The focus of an IDS is on monitoring and analyzing traffic for anything that deviates from normal behavior, which could signify an attempted compromise or successful intrusion. By alerting you to these signs, an IDS plays a critical role in maintaining the integrity and security of the system or network under surveillance.

While user login attempts might seem relevant, the IDS typically looks for unusual patterns or failed attempts that may indicate malicious activity rather than simply logging every attempt. Similarly, while system performance issues and notifications about software updates are important for system administration, they fall outside the scope of what an IDS is designed to monitor.