OSSEC (Open Source HIDS Security) is a free, open-source host-based intrusion detection system (HIDS). OSSEC has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, macOS, Solaris and Windows.
OSSEC Features
Log-based Intrusion Detection (LIDS)
Actively monitors and analyzes data from multiple log sources in real time.
Compliance Auditing
Application and system level auditing for compliance with many common standards, such as PCI-DSS and the CIS benchmarks.
System Inventory
Collects system information, such as installed software, hardware, utilization, network services, listeners and other information.
File Integrity Monitoring (FIM)
Monitors both files and Windows registry settings in real time. It not only detects changes to the system, it also maintains a forensic copy of the data as it changes over time.
Active Response
Respond to attacks and changes on the system in real time through multiple mechanisms, including firewall policies, integration with third parties such as CDNs and support portals, as well as self-healing actions.
Rootkit and Malware Detection
Process and file level analysis to detect malicious applications and rootkits.
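The three features above that an administrator configures directly (log-based intrusion detection, file integrity monitoring and active response) all live in OSSEC's XML configuration. The fragment below is an added example written for this page, not configuration shipped with OSSEC or taken from the page itself; the monitored paths, the rule id 100100, the threshold of 8 failures in 120 seconds and the 600-second block are assumptions chosen for illustration, and the reference to stock rule 5716 assumes an unmodified sshd_rules.xml. It shows two files: the ossec.conf fragment that collects logs, watches files with change reporting (the forensic copy mentioned above) and defines the firewall-drop response, and the local_rules.xml correlation rule that triggers that response.

```xml
<!-- ossec.conf fragment (added example; paths and thresholds are assumptions) -->
<ossec_config>

  <!-- Log-based intrusion detection: tail these logs in real time -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>

  <!-- File integrity monitoring: realtime="yes" reports changes as they happen,
       report_changes="yes" keeps a diff of the file content (the forensic copy) -->
  <syscheck>
    <frequency>79200</frequency>
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>

  <!-- Active response, part 1: the command that can be run; "srcip" means the
       script receives the source IP extracted from the triggering alert -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Active response, part 2: when to run it. Only the local correlation rule
       below (id 100100, assumed) triggers it, and the block expires after 600 s
       so a spoofed or shared address is not locked out indefinitely -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>100100</rules_id>
    <timeout>600</timeout>
  </active-response>

</ossec_config>

<!-- local_rules.xml (added example): correlation rule that raises the alert -->
<group name="local,syslog,sshd,">
  <!-- Fire when the stock sshd "authentication failed" rule (5716, assumed
       unmodified) matches 8 times from the same source IP within 120 seconds -->
  <rule id="100100" level="10" frequency="8" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>Repeated SSH authentication failures from one source; blocking.</description>
  </rule>
</group>
```

Scoping the active response with `<rules_id>` rather than a bare `<level>` is the safer default: a level threshold would also fire on unrelated high-severity alerts (including syscheck change reports, which carry no source IP), whereas tying the block to one correlation rule keeps the response predictable and easy to audit in the alerts log. Setting `report_changes` on a whole directory tree does cost disk space, since OSSEC stores a copy of each monitored file to diff against, so limit it to configuration and binary paths rather than log or data directories.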
Atomic Enterprise OSSEC
Atomic OSSEC is the enterprise version, adding features that simplify managing agents from GUI consoles.