About

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

Check out What’s New for the latest release info.

OSSEC is Free

OSSEC is a free software and will remain so in the future; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the FSF – Free Software Foundation.

Widely Used

OSSEC is a growing project, with more than 5,000 downloads per month on average. It is being used by ISPs, universities, governments and even large corporate data centers as their main HIDS solution. In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.

Support Options

There are a number of options for both community and commercial support for OSSEC.

Community Support

OSSEC Github

You can post issues and get caught up on OSSEC development at the OSSEC Github account.

OSSEC Users Group on Google

Questions about installation, usage and configuration should be sent to this list. It has a low volume of messages (around 120/150 per month) and is the best way to have your questions answered.

Please note that the “community” support is provided by volunteers, and even though they will do their best to answer and help you, this may not be always possible. The rules are: be polite and provide enough information so everyone can understand your issue.

To subscribe to the ossec-list:

  • Send an email to ossec-list+subscribe@googlegroups.com with the subject of Subscribe ossec-list.
  • Messages should be sent to ossec-list@googlegroups.com

To unsubscribe:

Send an email to ossec-list+unsubscribe@googlegroups.com.

OSSEC Developers Group on Google

Development questions, patches and anything related to coding should be sent to the ossec-dev list. It has a very low volume of messages (around 20/30 per month) and is highly technical.

To subscribe to ossec-dev:

  • Send an e-mail to ossec-dev+subscribe@googlegroups.com with the subject of Subscribe ossec-dev.
  • Messages should be sent to ossec-dev@googlegroups.com.

To unsubscribe:

  • Send an email to ossec-dev+unsubscribe@googlegroups.com.

Commercial Support

Atomicorp

Atomicorp is the producer of Atomic Secured Linux™ which features a secure Linux system that includes OSSEC as one of its core technologies. Atomicorp provides comprehensive support services for all your security needs including deployment assistance and post-sale support for OSSEC. The company has long been involved with the OSSEC Project and currently builds the OSSEC RPM packages for each release. You can find out more about Atomicorp product and support offerings by contacting their sales team at sales@atomicorp.com or visiting their products listing page at: https://atomicorp.com/product-listing/.

Wazuh

Wazuh provides support and professional services to Wazuh OSSEC users. The services include training, deployment assistance, health-checks, tuning and commercial support. You can reach Wazuh team at: contact@wazuh.com.

Wazuh also contributes to the OSSEC project maintaining installers and providing an Open Source ruleset to improve OSSEC detection and log analysis capabilities. Wazuh has developed its own modules for OSSEC integration with Log management systems like Splunk or Elasticsearch. Their website includes documentation explaining how to use OSSEC to get in compliance with PCI-DSS, and to monitor Amazon AWS environments.

OSSEC Team

Currently the core OSSEC Team consists of the following developers and committers:

Daniel B. Cid – Founder of the OSSEC Project – dcid (at) dcid.me

Jeremy Rossi – OSSEC Development Manager – jeremy (at) jeremyrossi.com

Dan Parriott – Community support, docs, rules, testing – ddpbsd (at) gmail.com

Scott R. Shinn – OSSEC Release Manager - RPM / DEB repositories, Docker, Development – scott (at) atomicorp.com

Santiago Bassett – DEB repositories, SIEM integration – santiago (at) wazuh.com

Brad Lhotsky – Development, system integration, rules – brad . lhotsky (at) gmail.com

Andrew Widdersheim – Development, testing, rules – awiddersheim (at) hotmail.com

Jia-Bing (JB) Cheng – SIEM integration, community support – Jia-BingJB_Cheng (at) trendmicro.com

Former OSSEC Team Members

Michael Starks – Community Support, rules

Vic Hargrave – Development, testing – vichargrave (at) gmail.com