3rd Week of OSSEC: Oct 23-29 Michael Starks had the great idea to get everyone together and organize the third annual week of ossec. Last year we had many contributions and we hope to have even more on this one. These are just some of the posts we had in the first 2 days: 3WoO: [...]
ARCHIVED NEWS
Week of OSSEC (3WoO) – Oct 23-29
October 24th, 2011 · No Comments
Tags: news
OSSEC.net and IPv6
October 19th, 2011 · 2 Comments
We have added IPv6 support for the agent->manager communication on OSSEC in the latest version (2.6) and we are working to make sure it can parse all logs with IP addresses in the IPv6 format (still under development). In our effort to fully support IPv6, the OSSEC.net web site is now IPv6 ready as well: [...]
Tags: news
OSSEC v2.6 released
July 19th, 2011 · 4 Comments
We are very happy to announce the availability of OSSEC version 2.6. This has been a long release cycle, but it is here now with some good new features and very stable (thanks to our beta users). Our manual for the new version is also live at http://www.ossec.net/doc/. What is new? Added IPv6 support Lots [...]
Tags: news
Community Update (May 2011)
May 27th, 2011 · No Comments
These are some of the OSSEC-related articles written by our community in the month of May, 2011. If you are writing or doing something related to OSSEC, send it to us (dcid@ossec.net) and we will include it in the next one. Improved reporting for file changes (syscheck) by Daniel Cid Emergency Phone Number Dialed (good [...]
Tags: news
Community Update (April 2011)
April 14th, 2011 · No Comments
We will start doing an update every few months with the latest posts and documents being written about OSSEC by our community. If you are writing or doing something related to OSSEC, send it to us (dcid@ossec.net) and we will include it in the next one. Blackhat OSSEC workshop by Wim Remes and Xavier Mertens [...]
Tags: news
Community update (Jan 2011)
January 19th, 2011 · No Comments
We will start doing an update every few months with the latest posts and documents being written about OSSEC by our community. If you are writing or doing something related to OSSEC, send it to us (dcid@ossec.net) and we will include it in the next one. Auditing MySQL DB Integrity with OSSEC by Xavier [...]
Tags: news
Week of OSSEC – Update
October 21st, 2010 · No Comments
The week of OSSEC is going very well, and I am more than impressed by how our community is working together and writing a lot about it. These are some of the blog posts and discussions so far. If I missed something, let me know and I will add it here. Day 4: 2WoO Day [...]
Tags: news
Week of OSSEC (2WoO) – Oct 17-23
October 15th, 2010 · No Comments
Week of OSSEC: Day -2 Michael Starks had the great idea to get everyone together and organize the second annual week of ossec. Last year he was the only one participating, but this year we hope to have many contributions. To get started, Syngress decided to help out and release a few chapters of the [...]
Tags: news
OSSEC v2.5 released
September 27th, 2010 · No Comments
We are very happy to announce the availability of OSSEC version 2.5. This has been a long release cycle (5 months), but it comes out pretty stable and with many new features. We also had many contributors, showing how much our community is growing and getting stronger. In addition to that, our documentation and manual [...]
Tags: news
SecureCloud beta – Invitation to the OSSEC community
August 25th, 2010 · No Comments
Cloud adoption continues to grow at a fast pace with an annual compound growth rate of 28 percent. To secure applications in the cloud, security measures need to follow the applications no matter where they are in the cloud. Tools like OSSEC provide excellent protection for the host, but what about the data? Trend Micro [...]
Tags: news
OSSEC v2.4 released
April 1st, 2010 · 1 Comment
The OSSEC team is very happy to announce the general availability of OSSEC version 2.4. What is new? We have lots of new features and bug fixes, but these are the main changes: Added daily email summaries/reports. (more info) Added option to alert when a log or command output changes – check_diff. (more info) Added [...]
Tags: news
Community Updates
February 15th, 2010 · No Comments
The OSSEC community is on fire lately! We are very happy to see everyone talking and presenting about OSSEC. These are some of the newest updates from our community: Wim Remes spoke about OSSEC at the Fosdem conference. The video of his presentation is on youtube: Iñaki Rodríguez from virtualminds.es did a webmeeting about OSSEC [...]
Tags: news
OSSEC v2.3 released
December 7th, 2009 · 1 Comment
We are very happy to announce the general availability of OSSEC version 2.3 (just in time for the holidays). What is new? Log analysis rules for the Nginx web server Log analysis rules for Suhosin (Hardened PHP) Support for real time file integrity monitoring on Windows systems Support for monitoring the output of commands (process [...]
Tags: news
Week of OSSEC
October 31st, 2009 · No Comments
Michael Starks from Immutable Security today finished his series of articles about OSSEC called “Week of OSSEC”. It was meant to coincide with his talk on OSSEC at the Rochester Security Summit. From his blog: As a service to the community and to coincide with my speaking on OSSEC at the Rochester Security Summit, every [...]
Tags: news
OSSEC v2.2 released
September 8th, 2009 · 2 Comments
We are pleased to announce the general availability of OSSEC version 2.2. This is a stability release, with heavy focus on bug fixes, code cleanup and a few new features. The most notable changes are: Trend OSCE (Office scan) support – We added rules to properly monitor and analyze Trend logs WordPress Monitoring – WordPress [...]
Tags: news
OSSEC v2.1 released
June 30th, 2009 · 1 Comment
We are pleased to announce the general availability of OSSEC version 2.1. This new version is the first one with support for centralized configurations and realtime integrity monitoring on Linux. It also includes many other features and bug fixes: Centralized configuration – The agent.conf file was introduced to allow granular configuration of the agents directly [...]
Tags: news
I (HEART) OSSEC
June 19th, 2009 · 1 Comment
This is a guest article by Justin Foster of DevelopingSecurity.com In the open source world some projects have taken on beloved status by their loyal user base. OSSEC is one of them, and for good reason. For those of you unfamiliar, OSSEC (pronounced Oh-Sec) is an Open Source Host-based Intrusion Detection System. It performs log [...]
Tags: news
Splunk + OSSEC Integration
June 2nd, 2009 · 9 Comments
This is a guest article by Dale Neufeld – canuck.eh at gmail.com The status of the next version of the OSSEC web interface is one of the more commonly asked questions on the mailing list and is currently #2 on the community requested feature list (http://ossec.uservoice.com). While web interfaces are nice to have, many of [...]
Tags: news
Trend Micro to Acquire Third Brigade
April 29th, 2009 · 7 Comments
What was announced? On April 29, 2009 Trend Micro announced a definitive agreement to acquire the business of Third Brigade, a privately-held security and compliance software company headquartered in Ottawa, Canada that owns the OSSEC project. The acquisition is subject to customary approvals and is expected to close in the 2nd quarter of 2009. [...]
Tags: news
Rootcheck updated to v2.0
March 6th, 2009 · 1 Comment
Rootcheck is responsible for the rootkit detection, system auditing and policy monitoring parts of OSSEC. However, if you want to check your systems without installing the whole OSSEC package, you can run Rootcheck separately to give you a quick status on how your system is doing. The rootcheck page is http://www.ossec.net/rootcheck/. How to use it [...]
Tags: news
OSSEC v2.0 released
February 27th, 2009 · 4 Comments
We are pleased to announce the general availability of OSSEC version 2.0. This new version is the first one with support for agentless monitoring and includes many other new features and bug fixes: Centralized configuration – The agent.conf file was introduced to allow granular configuration of the agents directly on the manager side. Remote agent [...]
Tags: news
v2.0 – What is coming
January 20th, 2009 · 8 Comments
What’s new in 2.0 and when will it be released? New features that will be introduced in version 2.0 are: Compiled Rules – By popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules [...]
Tags: news
Survey & get a free shirt!
November 13th, 2008 · 1 Comment
The survey is now closed. Thanks for all the support. OSSEC Usage Survey (& get a free OSSEC shirt!) We need your help. In an effort to better understand how the OSSEC project is being used and look for ways to improve OSSEC moving forward, Trend Micro would like you to participate in a brief [...]
Tags: news
OSSEC v1.6.1 released
October 9th, 2008 · 1 Comment
We are pleased to announce the general availability of OSSEC version 1.6.1. This is a small version with bug fixes for some issues found on v1.6. For a list of features in the version 1.6, please visit: OSSEC v1.6 released. For a list of issues that were solved, visit the Changelog. Download it from: http://www.ossec.net/main/downloads [...]
Tags: news
OSSEC v1.6 released
September 1st, 2008 · 5 Comments
We are pleased to announce the general availability of OSSEC version 1.6. This new version delivers the most comprehensive update to OSSEC in its history, with numerous new features and bug fixes, including: New multi-server architecture New platform support for Microsoft Vista (and Server 2008) New platform support for VMware ESX Added active response module [...]
Tags: news
OSSEC v1.5.1 released
June 19th, 2008 · 4 Comments
We are pleased to announce the general availability of OSSEC version 1.5.1. This is the first version under Third Brigade and contains fixes for bugs found so far in version 1.5. For a list of features in version 1.5, please visit: OSSEC v1.5 released. For a list of issues that were solved, visit [...]
Tags: news
OSSEC project acquired
June 15th, 2008 · 4 Comments
It is with great joy that we would like to announce that the OSSEC project has been acquired by Third Brigade. The project remains open source, with additional resources and increased support availability to the OSSEC user community. More information at the following links: Acquisition FAQ Press release Public message from Daniel Cid (OSSEC founder) [...]
Tags: news
OSSEC v1.5 released
May 1st, 2008 · 4 Comments
We are very pleased to announce the general availability of OSSEC version 1.5. This version comes with lots of bug fixes and new features, including: -New log formats (info): Solaris BSM auditing logs Asterisk logs Checkpoint and Smart Defense logs Debian package (dpkg) install/status/remove messages Shorewall logs Postfix SASL error messages Localized pure-ftpd messages (for [...]
Tags: news
OSSEC at The Academy
March 26th, 2008 · 1 Comment
The OSSEC project is now an official partner/sponsor of The Academy. They already have videos showing how to install OSSEC (on Unix and Windows) and will be giving away a copy of the new OSSEC book to one of their registered users. More information at their site. About The Academy: The Academy is a [...]
Tags: news
OSSEC Book
March 21st, 2008 · 1 Comment
The first OSSEC book (OSSEC Host-Based Intrusion Detection Guide) is officially out and available at the best bookstores. You can also buy it online at amazon. About the book: This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive [...]
Tags: news
OSSEC Web UI v0.3 available
March 5th, 2008 · 1 Comment
We are pleased to announce the public availability of OSSEC Web UI (oswui) version 0.3. This new version comes with a new design, lots of bug fixes, speed improvements and a major code reorganization. Some of the bugs fixed include: 67, 89, 90, 91, 103, 114-117 from our bugzilla. Installation instructions available at: Wiki OSSECWUI:Install [...]
Tags: news
OSSEC v1.4 released
October 29th, 2007 · 2 Comments
We are pleased to announce the general availability of OSSEC version 1.4. This version comes with the following major new features: Support for reading database logs from PostgreSQL and MySQL (info) Support for Prelude (info) Support for storing the alerts on MySQL and PostgreSQL (info) Support for Sonicwall logs, HP-UX ftpd, AIX 5.3 syslog, etc [...]
Tags: news
OSSEC at AusCERT
June 1st, 2007 · No Comments
During the month of May Daniel Cid went to AusCERT and Confidence to talk about OSSEC (i.e. Log analysis using OSSEC). On both presentations he mentioned LIDS (Log-Based intrusion detection), and provided an overview of the ossec architecture and how to write decoders and rules. If you want to learn a bit more about ossec, [...]
Tags: news
OSSEC #1 tool by LinuxWorld
March 3rd, 2007 · 2 Comments
LinuxWorld released the article Top 5 open source security tools in the enterprise and OSSEC was chosen number 1. With thousands of open source security packages available, choices can be confusing. Here’s the short list of tools that are getting real-world successful deployments. .. I’ve selected OSSEC HIDS as the No. 1 open source tool [...]
Tags: news

