OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS)
OSSEC has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
OSSEC Is Open Source
OSSEC is a free software and will remain so in the future. You can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the FSF – Free Software Foundation.
Used By Almost Everyone
OSSEC is a growing project, with more 500,000 downloads a year. It is used by everyone from large enterprises to small businesses to governments agencies as their primary server intrusion detection system — both on premise and in the cloud. In addition to being deployed for server protection, OSSEC , is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.
Log based Intrusion Detection (LIDs)
Actively monitors and analyzes data from multiple log data points in real-time
Rootkit and Malware Detection
Process and file level analysis to detect malicious applications and rootkits
Respond to attacks and changes on the system in real time through multiple mechanisms including firewall policies, integration with 3rd parties such as CDN’s and support portals, as well as self-healing actions
Application and system level auditing for compliance with many common standards such as PCI-DSS, and CIS benchmarks
File Integrity Monitoring (FIM)
For both files and windows registry settings in real time not only detects changes to the system, it also maintains a forensic copy of the data as it changes over time.
Collects system information, such as installed software, hardware, utilization, network services, listeners and other information.
Post issues and get caught up on OSSEC development at the OSSEC Github account >>
OSSEC Google Mailing List
Submit questions about installation, usage and configuration. With low usage (around 120/150 per month) it’s the best way to have your questions answered. Note that community support is provided by volunteers. Be polite and provide enough information so everyone can understand your issue.
Developers Group on Google
Development questions, patches and anything related to coding should be sent to the ossec-dev list. It has a very low volume of messages (around 20/30 per month) and is highly technical.
Former OSSEC Development Team Members
Daniel B. Cid – Founder of the OSSEC Project – firstname.lastname@example.org
Jeremy Rossi – OSSEC Development Manager – email@example.com
Santiago Bassett – DEB repositories, SIEM integration – firstname.lastname@example.org
Brad Lhotsky – Development, system integration, rules –email@example.com
Andrew Widdersheim – Development, testing, rules – firstname.lastname@example.org
Jia-Bing (JB) Cheng – SIEM integration, community support – Jia-BingJB_Cheng@trendmicro.com
Michael Starks – Community Support, rules
Vic Hargrave – Development, testing – email@example.com
Lance A. Brown
Past OSSEC Project Team Members
Andre Alexandre Gaio
Liliane A. Cid
Kayvan A. Sylvan
Jorge Augusto Senger
David J. Bianco
Martijn de Boer
Martijn de Boer
Willian Itiho Amano