OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
Check out What’s New for the latest release info.
OSSEC is a free software and will remain so in the future; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the FSF – Free Software Foundation.
OSSEC is a growing project, with more than 5,000 downloads per month on average. It is being used by ISPs, universities, governments and even large corporate data centers as their main HIDS solution. In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.
There are a number of options for both community and commercial support for OSSEC.
You can post issues and get caught up on OSSEC development at the OSSEC Github account.
Questions about installation, usage and configuration should be sent to this list. It has a low volume of messages (around 120/150 per month) and is the best way to have your questions answered.
Please note that the “community” support is provided by volunteers, and even though they will do their best to answer and help you, this may not be always possible. The rules are: be polite and provide enough information so everyone can understand your issue.
To subscribe to the ossec-list:
Send an email to email@example.com.
Development questions, patches and anything related to coding should be sent to the ossec-dev list. It has a very low volume of messages (around 20/30 per month) and is highly technical.
To subscribe to ossec-dev:
Atomicorp is the producer of Atomic Secured Linux™ which features a secure Linux system that includes OSSEC as one of its core technologies. Atomicorp provides comprehensive support services for all your security needs including deployment assistance and post-sale support for OSSEC. The company has long been involved with the OSSEC Project and currently builds the OSSEC RPM packages for each release. You can find out more about Atomicorp product and support offereings by contacting their sales team at firstname.lastname@example.org or visiting their products listing page at: https://atomicorp.com/product-listing/.
Wazuh provides support and professional services to Wazuh OSSEC users. The services include training, deployment assistance, health-checks, tuning and commercial support. You can reach Wazuh team at: email@example.com.
Wazuh also contributes to the OSSEC project maintaing installers and providing an Open Source ruleset to improve OSSEC detection and log analysis capabilities. Wazuh has developed its own modules for OSSEC integration with Log management systems like Splunk or Elasticsearch. Their website includes documentation explaining how to use OSSEC to get in compliance with PCI-DSS, and to monitor Amazon AWS environments.
Currently the core OSSEC Team consists of the following developers and committers:
Daniel B. Cid – Founder of the OSSEC Project – dcid (at) dcid.me
Jeremy Rossi – OSSEC Development Manager – jeremy (at) jeremyrossi.com
Dan Parriott – Community support, docs, rules, testing – ddpbsd (at) gmail.com
Scott R. Shinn – RPM repositories, rules, tools integration – scott (at) atomicorp.com
Santiago Bassett – DEB repositories, SIEM integration – santiago (at) wazuh.com
Brad Lhotsky – Development, system integration, rules – brad . lhotsky (at) gmail.com
Andrew Widdersheim – Development, testing, rules – awiddersheim (at) hotmail.com
Vic Hargrave – Development, testing – vichargrave (at) gmail.com
Jia-Bing (JB) Cheng – SIEM integration, community support – Jia-BingJB_Cheng (at) trendmicro.com
Michael Starks – Community Support, rules