|This article relies on references to primary sources. (May 2012)|
|Developer(s)||Daniel B. Cid|
|Stable release||2.7.1 / November 20, 2013|
|Type||Security / HIDS|
|License||GNU GPL v2|
OSSEC is a free, open source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response.[jargon] It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed. It was written by Daniel B. Cid and made public in 2004.
In June 2008, the OSSEC project and all the copyrights owned by Cid, the project leader, were acquired by Third Brigade, Inc. They promised to continue to contribute to the open source community and to extend commercial support and training to the OSSEC open source community.
In May 2009, Trend Micro acquired Third Brigade and the OSSEC project, with promises to keep it open source and free.
It is compliant with Payment Card Industry Data Security Standard (PCI DSS) requirements.
- Main Application: The main application, OSSEC, is required for distributed network or stand-alone installations. It is supported by Linux, Solaris, BSD, and Mac environments.
- Windows Agent: The Windows Agent is provided for Microsoft Windows environments. The main application needs to be installed and configured for server mode to support the Windows Agent.
- Web Interface: A separate web interface application provides a graphical user interface. Like the main application, it is supported by Linux, Solaris, BSD, and Mac environments.
OSSEC has a log analysis engine that is able to correlate and analyze logs from multiple devices and formats. The following are currently supported:
- Web servers:
- Windows event logs (logins, logouts, audit information, etc.)
- Windows Routing and Remote Access logs
- Generic Unix authentication (adduser, logins, etc.)
- OSSEC Documentation
- OSSEC blog
- OSSEC Project acquired
- Third Brigade Acquires OSSEC Open Source HIDS Project
- Trend Micro Acquires Third Brigade and OSSEC