Cloud adoption continues to grow at a fast pace with an annual compound growth rate of 28 percent. To secure applications in the cloud; security measures need to follow the applications no matter where they are in the cloud. Tools like OSSEC provide excellent protection for the host; but what about the data?
Trend Micro […]

The OSSEC team is very happy to announce the general availability of OSSEC version 2.4.
What is new? We have lots of new features and bug fixes, but these are the main changes:

Added daily email summaries/reports. (more info)
Added option to alert when a log or command output changes - check_diff. (more info)
Added rules to ignore […]

The OSSEC community is on fire lately! We are very happy to see everyone talking and presenting about OSSEC. Those are some of the newest updates from our community:
Wim Remes spoke about OSSEC at the Fosdem conference. The video of his presentation is on youtube:

 
Iñaki Rodríguez fromvirtualminds.es did a webmeeting about OSSEC in spanish. Slides […]

We are very happy to announce that general availability of OSSEC version 2.3 (just in time for the holidays).
What is new?

Log analysis rules for the Nginx web server
Log analysis rules for Suhosin (Hardened PHP)
Support for real time file integrity monitoring on Windows systems
Support for monitoring the output of commands (process monitoring)
And a lot more…

Check out […]

Michael Starks from Immutable Security finished today his series of articles about OSSEC called “Week of OSSEC“. It was meant to coincide with his speak on OSSEC at the Rochester Security Summit.
From his blog:

As a service to the community and to coincide with my speaking on OSSEC at the Rochester Security Summit, every day during […]

We are pleased to announce the general availability of OSSEC version 2.2.
This is a stability release, with heavy focus on bug fixes, code cleanup and a few new features. The most notable changes are:

Trend OSCE (Office scan) support - We added rules to properly monitor and analyze Trend logs
Wordpress Monitoring - Wordpress is a popular […]

We are pleased to announce the general availability of OSSEC version 2.1.
This new version is the first one with support for centralized configurations and realtime integrity monitoring on Linux. It also includes many other features and bug fixes:

Centralized configuration - The agent.conf file was introduced to allow granular configuration of the agents directly on the […]

This is a guest article by Justin Foster of DevelopingSecurity.com

In the open source world some projects have taken on beloved status by their loyal user base. OSSEC is one of them, and for good reason.
For those of you unfamiliar, OSSEC (pronounced Oh-Sec) is an Open Source Host-based Intrusion Detection System. It performs log analysis, […]

This is a guest article by Dale Neufeld - canuck.eh at gmail.com
The status of the next version of the OSSEC web interface is one of the more commonly asked questions on the mailing list and is currently #2 on the community requested feature list (http://ossec.uservoice.com).
While web interfaces are nice to have, many of us suffer […]

What was announced?

On April 29, 2009 Trend Micro announced a definitive agreement to acquire the business of Third Brigade, a privately-held security and compliance software company headquartered in Ottawa, Canada that owns the OSSEC project. The acquisition is subject to customary approvals and is expected to close in the 2nd quarter of 2009.
 

Who […]

Rootcheck is responsible for the rootkit detection, system auditing and policy monitoring parts of OSSEC. However, if you want to check your systems without installing the whole OSSEC package, you can run Rootcheck separately to give you an quick status on how your system is going.
The rootcheck page is http://www.ossec.net/rootcheck/.
How to use it
[…]

We are pleased to announce the general availability of OSSEC version 2.0.
This new version is the first one with support for agentless monitoring and include many others new features and bug fixes:

Centralized configuration - The agent.conf file was introduced to allow granular configuration of the agents directly on the manager side.
Remote agent restart - […]

What’s new in 2.0 and when will it be released ?

New features that will be introduced in version 2.0 are:

Compiled Rules - Per popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very […]

The survey is now closed. Thanks for all the support.
OSSEC Usage Survey (& get a free OSSEC shirt!)
We need your help. In an effort to better understand how the OSSEC project is being used and look for ways to improve OSSEC moving forward, Trend Micro would like you to participate in a brief survey. […]

We are pleased to announce the general availability of OSSEC version 1.6.1. This is a small version with bug fixes for some issues found on v1.6.
For a list of features in the version 1.6, please visit: OSSEC v1.6 released.
For a list of issues that were solved, visit the Changelog.
Download it from: http://www.ossec.net/main/downloads .
Thanks!
–
Daniel B. Cid […]

We are pleased to announce the general availability of OSSEC version 1.6.
This new version delivers the most comprehensive update to OSSEC in its history, with numerous new features and bug fixes, including:

New multi-server architecture
New platform support for Microsoft Vista (and Server 2008)
New platform support for VMware ESX
Added active response module for Windows
CIS benchmarks on Linux […]

We are pleased to announce the general availability of OSSEC version 1.5.1. This is the first version under Third Brigade and contain fixes for bugs found so far on the version 1.5. For a list of features in the version 1.5, please visit: OSSEC v1.5 released.
For a list of issues that were solved, visit the […]

It is with great joy that we would like to announce that the OSSEC project has been acquired by Third Brigade.

The project remains open source, with additional resources and increased support availability to the OSSEC user community.

More information at the following links:

Acquisition FAQ
Press release
Public message from Daniel Cid (OSSEC founder)

Quote from the Press release:

”
Ottawa, […]

We are very pleased to announce the general availability of OSSEC version 1.5. This version comes with lots of bug fixes and new features, including:
-New log formats (info):

Solaris BSM auditing logs
Asterisk logs
Checkpoint and Smart Defense logs
Debian package (dpkg) install/status/remove messages
Shorewall logs
Postfix SASL error messages
Localized pure-ftpd messages (for 12 different languages)
DJB multilog

-Greek translation of the install.
-Added […]

The OSSEC project is now an official partner/sponsor of the The Academy.
They already have videos showing how to install OSSEC (on Unix and Windows) and will be giving away a copy of the new OSSEC book to one of their registered users. More information at their site.
About The Academy:
The Academy is a web site willing […]

The first OSSEC book (OSSEC Host-Based Intrusion Detection Guide) is officially out and available on the best bookstores. You can also buy it online at amazon.
About the book:
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation […]

We are pleased to announce the public availability of OSSEC Web UI (oswui) version 0.3. This new version comes with a new design, lots of bug fixes, speed improvements and a major code reorganization. Some of the bugs fixed include: 67. 89. 90, 91, 103, 114-117 from our bugzilla.
Installation instructions available at: Wiki OSSECWUI:Install
Download it […]

We are pleased to announce the general availability of OSSEC version 1.4. This
version comes with the following major new features:

Support for reading database logs from PostgreSQL and MySQL (info)
Support for Prelude (info)
Support for storing the alerts on MySQL and PostgreSQL (info)
Support for Sonicwall logs, HP-UX ftpd, AIX 5.3 syslog ,etc

Plus lots of bug fixes and […]

During the month of May Daniel Cid went to AusCERT and Confidence to talk about OSSEC (i.e. Log analysis using OSSEC). On both presentations he mentioned LIDS (Log-Based intrusion detection), and provided an overview of the ossec architecture and how to write decoders and rules.
If you want to learn a bit more about ossec, take […]

LinuxWorld released the article Top 5 open source security tools in the enterprise and OSSEC was chosen number 1.
With thousands of open source security packages available, choices can be confusing. Here’s the short list of tools that are getting real-world successful deployments.
..
I’ve selected OSSEC HIDS as the No. 1 open source tool due to […]