OSSEC

OSSEC FAQs

Where can I download OSSEC?

You can download the official version of OSSEC directly from the OSSEC downloads page. Our site is the trusted authority for OSSEC, and we provide both the free source code and ready-to-use binaries so you don’t have to compile it yourself.

Is OSSEC free to use?

Yes. OSSEC is a free, open-source host-based intrusion detection system (HIDS). It has been trusted by security teams worldwide for decades, and you can use it at no cost. Learn more or download the rules.

What is the difference between OSSEC and Atomic OSSEC?

OSSEC is the free, open-source version. Atomic OSSEC is a commercial-grade enhancement of OSSEC that includes enterprise features including centralized endpoint firewall management, vulnerability management, compliance scanning, SIEM, EDR, antivirus, advanced HIDS, real-time file integrity monitoring (FIM) and the reduction of false positives and false negatives through machine learning (ML). Atomic OSSEC also provides a graphical interface (GUI), advanced reporting, and professional support. Explore Atomic OSSEC.

What is OSSEC+?

OSSEC+ is the enhanced version of OSSEC that includes additional features such as threat intelligence and hundreds of more rules than basic OSSEC. By registering for OSSEC+ on the OSSEC downloads page, you gain access to OSSEC+ at no cost, giving you more capabilities than the standard open-source release.

Does Atomic OSSEC include OSSEC+?

Yes. Atomic OSSEC includes OSSEC+ and more, including hundreds of additional out-of-the-box rules, machine learning, AV, endpoint firewall management, vulnerability management, compliance scanning, built-in software integrations, a GUI, reporting tools and more, making Atomic OSSEC the most advanced version of OSSEC.

What is the most advanced version of OSSEC?

Atomic OSSEC is the most advanced version of OSSEC. Atomic OSSEC contains 10X the security and compliance rules of free OSSEC, plus real-time file integrity monitoring (FIM) and malware detection, endpoint firewall management, antivirus, extended vulnerability detection and remediation, machine learning and automated response, full SIEM, dashboard GUI and more. Visit the webpage or get a demo.

Do I need to compile OSSEC from source?

No. While the source code is freely available for those who want it, OSSEC.net also provides pre-compiled binaries for popular platforms. You can find them on the OSSEC downloads page. Atomicorp.com also provides commercially supported pre-compiled binaries for a wide range of platforms including signed Microsoft and macOS binaries and for end of life and legacy systems including Solaris, AIX, older versions of Linux and more.

Which version of OSSEC should I choose?

OSSEC is a good fit for individuals and small teams looking for a basic HIDS framework and core ruleset; OSSEC+ (free with registration) enhances the core with hundreds of additional rules and threat intelligence; and Atomic OSSEC delivers enterprise-grade detection, advanced features—including thousands of additional rules, antivirus, endpoint firewall policy management and microsegmentation, EDR, SIEM, machine learning, compliance tools, vulnerability management, reporting, management GUI, and professional support.

• OSSEC (free open-source): Ideal for individuals, developers, and small teams, this is a basic out-of-the box ruleset.
• OSSEC+: Free with registration, it adds hundreds of rules and threat intelligence to the basic OSSEC framework.
• Atomic OSSEC: Enterprise-grade Atomic OSSEC is the most advanced OSSEC. Atomic OSSEC adds thousands of rules, antivirus, vulnerability management, EDR, SIEM, endpoint firewall management, real-time system monitoring, machine learning, a GUI, compliance benchmarking and reporting, commercial support, and additional features for under $5 per device per month. Atomic OSSEC is also available as an agentless deployment. Learn more on the Atomic OSSEC EDR page.

What is the official site to download OSSEC?

OSSEC.net is the official home and authority for the OSSEC project. Downloading directly from the OSSEC downloads page ensures you are getting the latest, verified, and most secure version of OSSEC. With the downloads, you get the binary for your platform instead of just the source code to compile. Although if you want the source code, ossec.net has that too.

What platforms does OSSEC run on?

OSSEC runs on all major operating systems, including Windows, Linux, FreeBSD, OpenBSD, Unix, and macOS. Atomic OSSEC provides additional capabilities for these platforms that the free OSSEC does not, as well as advanced support for AIX, Solaris, HP-UX, and end of life systems. These extra features include AV, SIEM, real-time FIM, endpoint firewall management, WAF, vulnerability management, compliance reporting, and more. Learn more or download OSSEC.

What platforms does Atomic OSSEC support?

The Atomic OSSEC EDR supports a wider variety of operating systems and platforms than OSSEC. These include AIX, Solaris, Linux, Windows, and macOS as well as cloud platforms such as AWS, Azure, GCP, and more. Atomic OSSEC supports every major architecture these platforms run on, including SPARC, x86/x86-64 (Intel/AMD), ARM, and POWER and binary downloads are available for them as well. View the full list here.