Ossec


Ossec is an open source host-based intrusion detection system that provides log analysis, file integrity monitoring, policy monitoring, rootkit detection, real-time alerting and active response.

Ossec: Open Source Host-Based Intrusion Detection System

What is Ossec?

Ossec is an open source host-based intrusion detection system (HIDS) that provides log analysis, file integrity monitoring, policy monitoring, rootkit detection, real-time alerting and active response. It is designed to detect unauthorized intrusions, system anomalies and policy violations on systems. Here are some key features of Ossec:

  • Cross-platform - works on Linux, Windows, macOS, Solaris, HP-UX and AIX systems.
  • Log analysis - analyzes system logs in real-time to detect suspicious activities and intrusion attempts.
  • File integrity monitoring - monitors changes to critical system files to detect unauthorized modifications.
  • Rootkit detection - scans systems for rootkits and other malware.
  • Real-time alerting - sends notifications via email, syslog or SNMP trap when security issues are detected.
  • Active response - can be configured to actively block attackers in real time when intrusion attempts are detected.
  • Centralized management - manager server allows monitoring and management of multiple agents from one console.
  • Open source - developed, updated and maintained by a large community of contributors.

Ossec provides enterprise-class host intrusion detection capabilities for free. Its broad platform support, real-time monitoring and active response make it a popular open source choice for HIDS.

Ossec Features

  1. Log analysis
  2. File integrity monitoring
  3. Policy monitoring
  4. Rootkit detection
  5. Real-time alerting
  6. Active response

Pricing

  • Open Source

Pros

Open source

Cross-platform

Easy to install

Detailed alerts

Customizable rules

Integrates with many systems

Cons

Steep learning curve

Complex configuration

Many false positives

No official support


The Best Ossec Alternatives

Top Security & Privacy and Intrusion Detection and other similar apps like Ossec

Here are some alternatives to Ossec:

Wazuh

Wazuh is an open source security monitoring solution built on top of OSSEC. It provides threat detection, compliance, and data protection capabilities. Some of the key features of Wazuh include: Log analysis - analyzes logs from applications, operating systems, and devices to detect suspicious activity, intrusions, policy violations, etc. File integrity monitoring...

Tripwire

Tripwire is security and compliance software that provides file integrity monitoring, intrusion detection, and configuration auditing. It works by creating a baseline database of file attributes such as permissions, checksums and size, and then continuously monitoring files and systems to detect unauthorized changes. Some key features of Tripwire include: File integrity monitoring...

Verisys

Verisys is an identification verification and background screening platform used by businesses to authenticate customer or employee information. The software provides comprehensive background checks, identity verification, and risk assessments to help companies conduct due diligence. Key features of Verisys include: Criminal record searches - look up county, state, federal criminal records and sex...