OSSEC - The open source Intrusion prevention system
Himanshuz.chd
OSSEC is an open source host-based intrusion detection system (HIDS) with active-response capabilities, so it can both detect and block intrusions on the host it monitors; this combination is what the title calls an intrusion prevention system. It uses both signature-based and profile (anomaly) based analysis. The project is backed by Trend Micro. OSSEC was initially developed by Daniel B. Cid to compensate for the limited scalability of Tripwire, a file integrity checker.
More about the evolution of the OSSEC project can be found here.
An excerpt from Wikipedia that describes the journey of the OSSEC project to date:
In June 2008, the OSSEC project, and all the copyright owned by the project leader, Daniel B. Cid, were acquired by Third Brigade, Inc. They promised to continue to contribute to the open source community and extend commercial support and training to the OSSEC open source community. In May 2009, Trend Micro acquired Third Brigade and the OSSEC project, with promises to keep it open source and free.
Capabilities and features
OSSEC can perform:
So OSSEC has evolved well beyond file integrity checking. Of all these features, the one that stands out is log analysis. OSSEC's log analysis engine decodes the logs of most common services and operating systems into named fields and then runs rules over those fields, correlating individual events (for example, repeated authentication failures from the same source within a short time window) into alerts and, optionally, active responses.
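To make the log analysis pipeline concrete, the following Python script is an added illustration (not OSSEC's own code) of the three stages OSSEC applies to a log line: a pre-decoder that splits the syslog header, a decoder that extracts fields such as user and source IP, and a rules stage with an atomic rule per event plus a composite rule that fires when enough events from the same source fall inside a time window. The sshd log lines are constructed for the example, and the rule IDs 100001 and 100002, the threshold of 8 failures in 120 seconds, and the decision to reset the counter after a composite alert are assumptions made here, not values taken from OSSEC's shipped rules.

```python
"""
Toy OSSEC-style log analysis pipeline: pre-decoder -> decoder -> rules.
Added illustration only; this is not OSSEC's own code.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (not captured from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Mar  3 10:15:03 host1 sshd[2102]: Failed password for root from 203.0.113.5 port 51023 ssh2
Mar  3 10:15:04 host1 sshd[2103]: Accepted publickey for deploy from 198.51.100.7 port 40001 ssh2
Mar  3 10:15:06 host1 sshd[2104]: Failed password for root from 203.0.113.5 port 51024 ssh2
Mar  3 10:15:09 host1 sshd[2105]: Failed password for root from 203.0.113.5 port 51025 ssh2
Mar  3 10:15:11 host1 sshd[2106]: Failed password for invalid user test from 203.0.113.5 port 51026 ssh2
Mar  3 10:15:12 host1 sshd[2107]: Failed password for bob from 192.0.2.9 port 60000 ssh2
Mar  3 10:15:13 host1 sshd[2108]: Failed password for root from 203.0.113.5 port 51027 ssh2
Mar  3 10:15:15 host1 sshd[2109]: Failed password for root from 203.0.113.5 port 51028 ssh2
Mar  3 10:15:17 host1 sshd[2110]: Failed password for root from 203.0.113.5 port 51029 ssh2
Mar  3 10:20:00 host1 sshd[2111]: Failed password for bob from 192.0.2.9 port 60001 ssh2
"""

# Hypothetical local rule IDs chosen for this example (OSSEC reserves 100000-119999 for user rules).
RULE_SSH_FAILED = 100001   # atomic rule: one failed password
RULE_SSH_BRUTE = 100002    # composite rule: many failures from the same source IP

# Stage 1 (pre-decoder): split the syslog header from the program's message.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Stage 2 (decoder): extract the fields that rules correlate on.
SSHD_FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+"
)


def decode(line):
    """Return decoded fields for an sshd failed-password line, else None."""
    m = SYSLOG_RE.match(line)
    if not m or m["program"] != "sshd":
        return None
    f = SSHD_FAILED_RE.match(m["msg"])
    if not f:
        return None  # e.g. "Accepted publickey" is not handled by this decoder
    return {
        # syslog carries no year; strptime defaults to 1900, which is fine for time deltas
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "host": m["host"],
        "user": f["user"],
        "srcip": f["srcip"],
    }


class RuleEngine:
    """Stage 3 (rules): one atomic alert per failure, one composite alert per burst."""

    def __init__(self, frequency=8, timeframe=120):
        self.frequency = frequency                  # plays the role of OSSEC's frequency attribute
        self.window = timedelta(seconds=timeframe)  # plays the role of OSSEC's timeframe attribute
        self.recent = defaultdict(deque)            # srcip -> timestamps of recent failures
        self.alerts = []

    def process(self, line):
        """Feed one log line (lines assumed in time order); return the highest rule ID fired, or None."""
        ev = decode(line)
        if ev is None:
            return None
        self.alerts.append({"rule": RULE_SSH_FAILED, "level": 5, **ev})
        q = self.recent[ev["srcip"]]
        q.append(ev["ts"])
        # Sliding window per source IP: drop failures older than the timeframe.
        while ev["ts"] - q[0] > self.window:
            q.popleft()
        if len(q) >= self.frequency:
            self.alerts.append({"rule": RULE_SSH_BRUTE, "level": 10, **ev})
            q.clear()  # assumption for this example: one burst -> one high-level alert, then count again
            return RULE_SSH_BRUTE
        return RULE_SSH_FAILED

    def alerts_for(self, rule_id):
        return [a for a in self.alerts if a["rule"] == rule_id]


def analyse(log_text, **kwargs):
    """Run every line of log_text through a fresh engine and return the engine."""
    engine = RuleEngine(**kwargs)
    for line in log_text.splitlines():
        engine.process(line)
    return engine


if __name__ == "__main__":
    eng = analyse(SAMPLE_LOG)
    for a in eng.alerts_for(RULE_SSH_BRUTE):
        print(f"level {a['level']} rule {a['rule']}: brute force from {a['srcip']} at {a['ts'].time()}")
```

Run against the constructed sample, the engine raises ten level-5 alerts and a single level-10 alert for 203.0.113.5 (eight failures in sixteen seconds), while the two failures from 192.0.2.9, five minutes apart, never cross the threshold. In OSSEC itself the same correlation is written in XML rather than Python: a composite rule carries `frequency` and `timeframe` attributes, an `<if_matched_sid>` element pointing at the atomic rule and `<same_source_ip />`, and the `ossec-logtest` utility lets you feed a single log line through the real decoders and rules to see which rule matches. Two caveats carry over to production: syslog lines carry no year or timezone, so correlation depends on the agent and server clocks agreeing, and an attacker who spreads attempts across many source addresses stays below a per-IP threshold.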
Here is an excerpt of the key feature description from the official OSSEC website:
Strengths and Weaknesses
Some of the strengths and weaknesses of the OSSEC IPS:
Here are some links that might be useful if you want to learn more about OSSEC: