OSSEC (Open Source HIDS SECurity) is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X (macOS), Solaris and Windows. OSSEC has a centralized, cross-platform architecture that lets many systems be monitored and managed from one place, and a log analysis engine that can correlate and analyze logs from multiple devices and formats.
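As an added example (written for this page, not OSSEC's own code), here is a miniature version of the log analysis and time-based alerting described above, and of the log-based intrusion detection feature listed further down: a decoder pulls fields out of syslog lines, atomic rules match single events, and a composite rule fires only when enough matches from the same source IP fall inside a time window. The rule numbers, levels and the 6-failures-in-120-seconds threshold are modelled on OSSEC's stock sshd rules (5715, 5716, 5720); the engine itself is a simplification, the log lines are constructed, and the year is an assumption because BSD syslog timestamps carry none.

```python
"""Miniature OSSEC-style log analysis engine: decode syslog lines into fields,
match atomic rules, then correlate matches per source IP inside a time window
(the frequency/timeframe idea behind time-based alerting). Added illustration
for this page, not OSSEC's own code; rule ids mirror OSSEC's sshd rules but
the engine is a simplification and the sample log lines are constructed."""
import re
from collections import deque
from datetime import datetime

# BSD syslog header: "Mar 20 10:00:01 host program[pid]: message"
SYSLOG = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\w+)(?:\[\d+\])?: (.*)$")

# Decoders: per-program regexes that pull named fields out of the message.
DECODERS = {
    "sshd": re.compile(
        r"(?:Failed password for(?: invalid user)? |Accepted password for )"
        r"(?P<user>\S+) from (?P<srcip>\S+) port"),
}

# Atomic rules: (rule id, level, program, message regex, description).
ATOMIC_RULES = [
    (5716, 5, "sshd", re.compile(r"^Failed password"), "SSHD authentication failed."),
    (5715, 3, "sshd", re.compile(r"^Accepted"), "SSHD authentication success."),
]

# Composite rules: fire when `frequency` hits of `if_matched_sid` from the
# same srcip land within `timeframe` seconds (OSSEC's <same_source_ip/>).
COMPOSITE_RULES = [
    {"id": 5720, "level": 10, "if_matched_sid": 5716, "frequency": 6,
     "timeframe": 120, "description": "Multiple SSHD authentication failures."},
]


def decode(line, year=2019):
    """Return decoded fields for a syslog line, or None if it is not syslog.
    Syslog lines carry no year, so one is assumed (the constructed data is 2019)."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ts_text, host, program, body = m.groups()
    ev = {"ts": datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S"),
          "host": host, "program": program, "body": body}
    dec = DECODERS.get(program)
    if dec is not None:
        fm = dec.search(body)
        if fm:
            ev.update(fm.groupdict())
    return ev


def analyze(lines):
    """Run every line through the decoders and rules; return alerts in order.
    When a composite rule fires, its alert replaces the atomic alert for the
    triggering event, roughly as a child rule supersedes its parent in OSSEC."""
    alerts = []
    windows = {}  # (composite rule id, srcip) -> deque of match timestamps
    for line in lines:
        ev = decode(line)
        if ev is None:
            continue
        for rid, level, program, pat, desc in ATOMIC_RULES:
            if ev["program"] != program or not pat.search(ev["body"]):
                continue
            alert = {"rule": rid, "level": level, "srcip": ev.get("srcip"),
                     "ts": ev["ts"], "description": desc}
            for cr in COMPOSITE_RULES:
                if cr["if_matched_sid"] != rid or "srcip" not in ev:
                    continue
                win = windows.setdefault((cr["id"], ev["srcip"]), deque())
                win.append(ev["ts"])
                # Drop hits older than the timeframe relative to this event.
                while (ev["ts"] - win[0]).total_seconds() > cr["timeframe"]:
                    win.popleft()
                if len(win) >= cr["frequency"]:
                    alert = dict(alert, rule=cr["id"], level=cr["level"],
                                 description=cr["description"])
                    win.clear()  # start counting afresh after firing
            alerts.append(alert)
            break  # first matching atomic rule wins for this event
    return alerts


# Constructed sample: a burst from 203.0.113.5 (6 failures in 89 s), a slow
# trickle from 198.51.100.7 that never reaches 6 in 120 s, one success, noise.
SAMPLE_LOG = [
    "Mar 20 10:00:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2",
    "Mar 20 10:00:12 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 4431 ssh2",
    "Mar 20 10:00:25 bastion sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 4440 ssh2",
    "Mar 20 10:00:40 bastion sshd[2110]: Failed password for root from 203.0.113.5 port 4452 ssh2",
    "Mar 20 10:01:03 bastion sshd[2115]: Failed password for invalid user test from 203.0.113.5 port 4460 ssh2",
    "Mar 20 10:01:30 bastion sshd[2118]: Failed password for root from 203.0.113.5 port 4471 ssh2",
    "Mar 20 10:02:00 bastion sshd[2120]: Accepted password for alice from 192.0.2.10 port 50122 ssh2",
    "Mar 20 10:05:00 bastion sshd[2130]: Failed password for bob from 198.51.100.7 port 51000 ssh2",
    "Mar 20 10:09:00 bastion sshd[2140]: Failed password for bob from 198.51.100.7 port 51001 ssh2",
    "Mar 20 10:09:30 bastion cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
    "not a syslog line at all",
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f'{a["ts"]:%H:%M:%S} rule {a["rule"]} level {a["level"]:>2} '
              f'{a["srcip"] or "-":<13} {a["description"]}')
```

Running the block prints one alert per decoded event: five level-5 failures from 203.0.113.5, then a single level-10 alert for the sixth, while the two failures from 198.51.100.7 four minutes apart stay at level 5 because the window has already expired. The same sliding-window logic is what makes OSSEC's `<same_source_ip/>` rules insensitive to slow, spread-out attempts unless the timeframe is widened.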


History

In June 2008, the OSSEC project and all the copyrights owned by Daniel B. Cid, the project leader, were acquired by Third Brigade, Inc., which promised to continue contributing to the open source community and to extend commercial support and training to the OSSEC open source community. In May 2009, Trend Micro acquired Third Brigade and the OSSEC project, with promises to keep it open source and free. In 2018, Trend Micro released the domain name and source code to the OSSEC Foundation. The OSSEC project is currently maintained by Atomicorp, which stewards the free and open source version and also offers an enhanced commercial version.


Software components

OSSEC consists of a main application, an agent, and a web interface.

* ''Manager'' (or server), which is required for distributed network or stand-alone installations.
* ''Agent'', a small program installed on the systems to be monitored.
* ''Agentless'' mode, which can be used to monitor firewalls, routers, and even Unix systems over SSH without installing software on them.


OSSEC Features

* Log based Intrusion Detection (LID): actively monitors and analyzes data from multiple log sources in real time.
* Rootkit and Malware Detection: process- and file-level analysis to detect malicious applications and rootkits.
* Active Response: responds to attacks and changes on the system in real time through multiple mechanisms, including firewall policies, integration with third parties such as CDNs and support portals, and self-healing actions.
* Compliance Auditing: application- and system-level auditing for compliance with many common standards such as PCI-DSS and CIS benchmarks.
* File Integrity Monitoring (FIM): for both files and Windows registry settings, in real time; it not only detects changes to the system but also maintains a forensic copy of the data as it changes over time.
* System Inventory: collects system information such as installed software, hardware, utilization, network services, listeners and other information.
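To show what the FIM feature's "forensic copy of the data as it changes over time" means in practice, here is an added example, not OSSEC's syscheck code: a baseline records a hash, size and mode for every regular file under a directory, a rescan reports added, removed and modified files, and every version of a new or changed file is copied into a store named by its content hash, so the pre- and post-change content both survive for investigation. The directory tree, the file contents and the simulated tampering (a second UID-0 account appended to passwd, PermitRootLogin flipped with the config made world-writable, motd deleted, an ld.so.preload planted) are all constructed inside a temporary directory. The attribute set compared is an assumption chosen for the example; OSSEC's own syscheck compares more attributes, ownership among them.

```python
"""Miniature file integrity monitor in the spirit of OSSEC's syscheck:
baseline a directory, rescan it, report changes, and keep a forensic copy
of every version of a new or changed file. Added example for this page,
not OSSEC's own code; the monitored tree and the tampering are constructed."""
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root):
    """Map each regular file (path relative to root) to (sha256, size, mode)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # this toy skips symlinks and special files
            rel = os.path.relpath(full, root)
            state[rel] = (sha256_file(full), st.st_size, stat.S_IMODE(st.st_mode))
    return state


def archive(root, rel, store):
    """Copy the current content of `rel` into the store, named by its hash,
    so successive versions accumulate instead of overwriting each other."""
    src = os.path.join(root, rel)
    dst_dir = os.path.join(store, rel)
    os.makedirs(dst_dir, exist_ok=True)
    dst = os.path.join(dst_dir, sha256_file(src))
    if not os.path.exists(dst):
        shutil.copy2(src, dst)
    return dst


def check(root, baseline, store):
    """Rescan, classify every path against the baseline, archive new content.
    Returns (report, current_state); the caller keeps current_state as the
    next baseline."""
    current = scan(root)
    report = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
            archive(root, rel, store)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel] != current[rel]:
            old, new = baseline[rel], current[rel]
            what = [label for label, i in (("content", 0), ("size", 1), ("mode", 2))
                    if old[i] != new[i]]
            report["modified"].append((rel, what))
            archive(root, rel, store)
    return report, current


def write(path, text, mode=None):
    with open(path, "w") as f:
        f.write(text)
    if mode is not None:
        os.chmod(path, mode)  # explicit mode so the demo does not depend on umask


def demo():
    """Baseline a constructed /etc-like tree, tamper with it, and report.
    Returns the change report and the number of passwd versions archived."""
    with tempfile.TemporaryDirectory() as work:
        root = os.path.join(work, "etc")
        store = os.path.join(work, "forensic")
        os.makedirs(os.path.join(root, "ssh"))
        write(os.path.join(root, "passwd"), "root:x:0:0::/root:/bin/sh\n")
        write(os.path.join(root, "ssh", "sshd_config"), "PermitRootLogin no\n", 0o600)
        write(os.path.join(root, "motd"), "welcome\n")
        baseline = scan(root)
        for rel in baseline:
            archive(root, rel, store)  # keep the known-good versions too
        # Simulated tampering: second UID-0 account, root login re-enabled and
        # config made world-writable, motd deleted, a preload hook planted.
        with open(os.path.join(root, "passwd"), "a") as f:
            f.write("eve:x:0:0::/root:/bin/sh\n")
        write(os.path.join(root, "ssh", "sshd_config"), "PermitRootLogin yes\n", 0o666)
        os.remove(os.path.join(root, "motd"))
        write(os.path.join(root, "ld.so.preload"), "/tmp/x.so\n")
        report, _ = check(root, baseline, store)
        versions = len(os.listdir(os.path.join(store, "passwd")))
        return report, versions


if __name__ == "__main__":
    rep, n = demo()
    for kind in ("added", "removed", "modified"):
        print(kind, rep[kind])
    print("archived versions of passwd:", n)
```

The store ends up holding both the original and the tampered passwd and sshd_config, which is what lets an analyst see exactly which line was added rather than only that the hash changed. In a real deployment the store must live somewhere the monitored host cannot alter, which is one reason OSSEC ships such data to the manager rather than keeping it only on the agent.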


OSSEC Conferences

Since 2017, Atomicorp has run the annual OSSEC Conference, where active developers and members of the community meet to discuss OSSEC and its future. The 2019 OSSEC Con was held on March 20-21 outside Washington, DC. Slides and other materials from the conference are available online.


See also

* Host-based intrusion detection system comparison

