TheInfoList

OSSEC (Open Source HIDS SECurity) is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. OSSEC has a centralized, cross-platform architecture that allows multiple systems to be monitored and managed from one place, and a log analysis engine that correlates and analyzes logs from multiple devices and formats.


History

In June 2008, the OSSEC project and all the copyrights owned by Daniel B. Cid, the project leader, were acquired by Third Brigade, Inc. They promised to continue to contribute to the open source community and to extend commercial support and training to the OSSEC open source community. In May 2009, Trend Micro acquired Third Brigade and the OSSEC project, with promises to keep it open source and free. In 2018, Trend released the domain name and source code to the OSSEC Foundation. The OSSEC project is currently maintained by Atomicorp, which stewards the free and open source version and also offers a commercial version.


Characteristics

OSSEC consists of a main application, an agent, and a web interface.

* ''Manager'' (or server), which is required for distributed network or stand-alone installations.
* ''Agent'', a small program installed on the systems to be monitored.
* ''Agentless'' mode, which can be used to monitor firewalls, routers, and even Unix systems.


Features

* Log-based Intrusion Detection (LID): Actively monitors and analyzes data from multiple log sources in real time.
* Rootkit and Malware Detection: Process- and file-level analysis to detect malicious applications and rootkits.
* Active Response: Responds to attacks and changes on the system in real time through multiple mechanisms, including firewall policies, integration with third parties such as CDNs and support portals, and self-healing actions.
* Compliance Auditing: Application- and system-level auditing for compliance with many common standards, such as PCI-DSS and the CIS benchmarks.
* File Integrity Monitoring (FIM): Monitors both files and Windows registry settings in real time; it not only detects changes to the system but also maintains a forensic copy of the data as it changes over time.
* System Inventory: Collects system information such as installed software, hardware, utilization, network services, listeners and other details.
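The two features above that most define a HIDS, log-based detection and file integrity monitoring with a forensic copy, are easier to reason about with a small model of their semantics. The following Python is an added illustration written for this page, not OSSEC's code (OSSEC's own rules are XML and its engine is C). It runs on constructed sample log lines and in-memory file snapshots. The rule ids 5716 and 5720 in the comments are the ones OSSEC's stock sshd rules use for a single failed login and for the composite "many failures from one source" alert; the function names, thresholds, sample addresses and file contents are all constructed here, and the decision to reset the counting window after a composite alert fires is a choice made in this model.

```python
"""Added model of two OSSEC-style checks on constructed data (not OSSEC code):
1. log-based detection with a composite "N failures within T seconds, same source IP" rule;
2. file integrity monitoring that keeps a forensic copy of the previous content."""
import difflib
import hashlib
import re
from collections import defaultdict, deque
from dataclasses import dataclass

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
TS_RE = re.compile(r"^(\w{3}) +(\d+) (\d+):(\d+):(\d+) ")
SSHD_FAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")

# Constructed syslog lines (not real captures): nine failures from one address within
# a few seconds, two from another address, and one unrelated cron line.
SAMPLE_LOG = [
    f"Mar 10 12:00:{i:02d} host sshd[1001]: Failed password for invalid user admin "
    f"from 203.0.113.5 port {50000 + i} ssh2" for i in range(9)
] + [
    "Mar 10 12:00:03 host sshd[1002]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar 10 12:00:40 host sshd[1003]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "Mar 10 12:00:41 host CRON[2000]: (root) CMD (run-parts /etc/cron.hourly)",
]


@dataclass
class Alert:
    rule_id: int
    level: int
    srcip: str
    description: str


def parse_ts(line: str) -> int:
    """Syslog timestamp to seconds; year-less, so only valid for ordering within one year."""
    mon, day, hh, mm, ss = TS_RE.match(line).groups()
    return (MONTHS[mon] * 31 + int(day)) * 86400 + int(hh) * 3600 + int(mm) * 60 + int(ss)


def correlate(lines, threshold: int = 8, timeframe: int = 120) -> list[Alert]:
    """One level-5 alert per sshd failure (OSSEC's stock rule 5716) plus a composite
    level-10 alert (rule 5720) when `threshold` failures from the same source fall inside
    `timeframe` seconds: the semantics of OSSEC's frequency/timeframe rule attributes with
    <same_source_ip/>. Clearing the window after firing is a choice made in this model."""
    windows: dict[str, deque] = defaultdict(deque)
    alerts: list[Alert] = []
    for line in lines:
        m = SSHD_FAIL_RE.search(line)
        if not m:
            continue
        user, ip = m.groups()
        t = parse_ts(line)
        alerts.append(Alert(5716, 5, ip, f"sshd authentication failed for {user}"))
        win = windows[ip]
        win.append(t)
        while win and t - win[0] > timeframe:  # drop failures older than the timeframe
            win.popleft()
        if len(win) >= threshold:
            alerts.append(Alert(5720, 10, ip,
                                f"{len(win)} sshd authentication failures within {timeframe}s"))
            win.clear()
    return alerts


def fim_baseline(files: dict[str, bytes]) -> dict[str, dict]:
    """Record hash, size and a forensic copy of each monitored file's content."""
    return {p: {"sha256": hashlib.sha256(d).hexdigest(), "size": len(d), "copy": d}
            for p, d in files.items()}


def fim_scan(baseline: dict[str, dict], current: dict[str, bytes]) -> list[dict]:
    """Compare a new snapshot against the baseline. A modified file's record carries the
    previous content and a unified diff, as OSSEC's syscheck does with report_changes."""
    changes = []
    for path, data in current.items():
        digest = hashlib.sha256(data).hexdigest()
        old = baseline.get(path)
        if old is None:
            changes.append({"path": path, "event": "added", "new_sha256": digest})
        elif old["sha256"] != digest:
            diff = "".join(difflib.unified_diff(
                old["copy"].decode(errors="replace").splitlines(keepends=True),
                data.decode(errors="replace").splitlines(keepends=True),
                "baseline", "current"))
            changes.append({"path": path, "event": "modified", "old_sha256": old["sha256"],
                            "new_sha256": digest, "forensic_copy": old["copy"], "diff": diff})
    for path in baseline.keys() - current.keys():
        changes.append({"path": path, "event": "deleted", "old_sha256": baseline[path]["sha256"]})
    return sorted(changes, key=lambda c: c["path"])


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        if a.level >= 10:
            print(f"rule {a.rule_id} level {a.level} srcip={a.srcip}: {a.description}")
    base = fim_baseline({"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n"})
    for c in fim_scan(base, {"/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nsvc:x:1001:1001::/srv:/bin/sh\n"}):
        print(c["event"], c["path"], "\n" + c.get("diff", ""))
```

The sliding window in `correlate` is why the timeframe matters as much as the count: eight failures spread over four minutes never trip the composite rule, while eight in a few seconds do, which is the trade-off an operator tunes when adjusting OSSEC's `frequency` and `timeframe` on a rule. In `fim_scan`, keeping the old content rather than only its hash is what turns "the file changed" into evidence of what changed, at the cost of storing a copy of every monitored file.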


See also

* Host-based intrusion detection system comparison

