From OSSEC Wiki

This section is initially based on the READMEs and other documentation included in the source. Hopefully, this will be expanded as the documentation is filled out.

Articles

• Ossec daemons explained
• OSSEC's 3 Types of Logging
• How the server manages the agent
• OSSEC Rule ID Groupings and Best Practices
• Regular Expressions Syntax for Rules and Decoders
• Active-reponse Internal Logic Flow
• Rootkit Detection in OSSEC
• Rules Severity Explanation
• Binary installation
• Monitor OSSEC