OSSEC
{{Short description|Type of software}}
{{Multiple issues|
{{Primary sources|date=May 2012}}
{{More footnotes needed|date=July 2015}}
}}
{{Infobox software
| name = OSSEC
| logo = File:OSSEC_logo.png
| screenshot =
| caption =
| developer = Daniel B. Cid et al.
| programming language = C
| license = GNU GPL v2
| website = [https://www.ossec.net/ www.ossec.net]
| operating_system = Cross-platform
| latest release version = {{wikidata|property|reference|P348}}
| latest release date = {{start date and age|{{wikidata|qualifier|P348|P577}}}}
}}
OSSEC (Open Source HIDS SECurity) is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture allowing multiple systems to be easily monitored and managed.{{cite web
| url=https://www.ossec.net/about.html
| title=About
| date=2017
| publisher=OSSEC Project Team
| accessdate=2018-05-10}} OSSEC has a log analysis engine that is able to correlate and analyze logs from multiple devices and formats.{{cite web
| url=https://www.ossec.net/docs/log_samples/
| title=Log Samples
| date=2017
| publisher=OSSEC Project Team
| accessdate=2018-05-10}}
== History ==
In June 2008, the OSSEC project and all the copyrights owned by Daniel B. Cid, the project leader, were acquired by Third Brigade, Inc. They promised to continue to contribute to the open source community and to extend commercial support and training to the OSSEC open source community.
In May 2009, Trend Micro acquired Third Brigade and the OSSEC project, with promises to keep it open source and free.
In 2018, Trend Micro released the domain name and source code to the OSSEC Foundation.
The OSSEC project is currently maintained by Atomicorp, which stewards the free and open source version and also offers a commercial version.
== Characteristics ==
OSSEC consists of a main application, an agent, and a web interface.{{cite web
| url=https://www.ossec.net/docs/manual/ossec-architecture.html
| title=OSSEC Architecture
| date=2017
| publisher=OSSEC Project Team
| accessdate=2018-05-10}}
- Manager (or server), which is required for distributed network or stand-alone installations.
- Agent, a small program installed on the systems to be monitored.
- Agentless mode, which can be used to monitor firewalls, routers, and even Unix systems.
=== Features ===
- Log-based Intrusion Detection (LID): Actively monitors and analyzes data from multiple log sources in real time.
- Rootkit and Malware Detection: Process- and file-level analysis to detect malicious applications and rootkits.
- Active Response: Responds to attacks and changes on the system in real time through multiple mechanisms, including firewall policies, integration with third parties such as CDNs and support portals, and self-healing actions.
- Compliance Auditing: Application- and system-level auditing for compliance with common standards such as PCI DSS and CIS benchmarks.
- File Integrity Monitoring (FIM): Monitors both files and Windows registry settings in real time; it not only detects changes to the system but also maintains a forensic copy of the data as it changes over time.
- System Inventory: Collects system information, such as installed software, hardware, utilization, network services, listeners and other information.
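The log-based detection and correlation described above rests on rules that count how often a base match recurs within a time window for the same source. The following Python snippet is an added illustration of that frequency/timeframe correlation; it is constructed for this article and is not OSSEC's own code or rule set, and the log lines, host name, rule ids, levels and thresholds are all made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the timestamp and source IP of an sshd authentication failure in syslog format.
FAILED_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+)"
)

# Rule definitions modelled on the shape of OSSEC rule XML (ids and levels are made up):
# a base rule fires on every match; a composite rule fires when the base rule matched
# `frequency` times within `timeframe` seconds from the same source IP.
BASE_RULE = {"id": 100010, "level": 5, "description": "sshd: authentication failed"}
COMPOSITE_RULE = {"id": 100011, "level": 10, "frequency": 8, "timeframe": 120,
                  "if_matched_sid": 100010, "description": "sshd: repeated failures from one source"}

def make_line(hhmmss: str, ip: str, pid: int) -> str:
    """Constructed syslog line in the shape sshd writes on an authentication failure."""
    return f"Jan 10 {hhmmss} host1 sshd[{pid}]: Failed password for root from {ip} port 4011 ssh2"

# Constructed sample: nine failures from one address within 40 s, two from another.
SAMPLE_LOGS = [make_line(f"10:00:{5 * i:02d}", "203.0.113.5", 900 + i) for i in range(9)] + [
    make_line("10:00:07", "198.51.100.7", 950),
    make_line("10:00:09", "198.51.100.7", 951),
]

def parse_time(stamp: str, year: int = 2024) -> datetime:
    # syslog timestamps carry no year; assume one so the window arithmetic works
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def analyze(lines):
    """Return (rule_id, level, srcip) alerts in the order a rule engine would raise them."""
    alerts = []
    recent = defaultdict(deque)  # srcip -> timestamps of base-rule matches still in the window
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts, srcip = parse_time(m.group(1)), m.group(2)
        alerts.append((BASE_RULE["id"], BASE_RULE["level"], srcip))
        window = recent[srcip]
        window.append(ts)
        # slide the window: discard matches older than the timeframe for this source
        while (ts - window[0]).total_seconds() > COMPOSITE_RULE["timeframe"]:
            window.popleft()
        if len(window) >= COMPOSITE_RULE["frequency"]:
            alerts.append((COMPOSITE_RULE["id"], COMPOSITE_RULE["level"], srcip))
            window.clear()  # count afresh so one burst yields one escalated alert
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```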
== See also ==
== References ==
{{Reflist}}
== External links ==
- {{Official website|https://www.ossec.net}}
{{clear}}
{{DEFAULTSORT:Ossec}}
Category:Computer network security
Category:Free network-related software
Category:Free security software
Category:Intrusion detection systems