The EMERALD eXpert (pronounced E-expert) is a high-volume production-based
forward-reasoning system, representing the signature analysis subsystem of
SRI's EMERALD intrusion detection architecture. eXpert is one of three
analytical platforms used in a spectrum of intrusion detection components
that range from host and application-layer misuse detection to
TCP/IP-based distributed network sensors.

EMERALD's eXpert-BSM Monitor is a host-based intrusion detection system that
provides an unprecedented degree of real-time security monitoring for
critical application servers and workstations. eXpert-BSM provides the
most comprehensive knowledge base for detecting insider misuse, policy
violations, privilege misuse or subversion, illegal resource manipulation,
and other site policy violations for Sun Solaris operating systems. This
component is packaged and distributed as a full intrusion detection solution,
providing data collection, intrusion detection analysis, an alert management
interface, and detailed response directives.