OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, macOS, Solaris and Windows.
Check out What's New for the latest release info.
OSSEC is free software and will remain so in the future; you can redistribute it and/or modify it under the terms of the GNU General Public License (version 2) as published by the FSF (Free Software Foundation).
OSSEC is a growing project, with more than 5,000 downloads per month on average. It is being used by ISPs, universities, governments and even large corporate data centers as their main HIDS solution. In addition to being deployed as an HIDS, it is commonly used strictly as a log analysis tool, monitoring and analyzing firewalls, IDSs, web servers and authentication logs.
There are a number of options for both community and commercial support for OSSEC.
You can post issues and get caught up on OSSEC development at the OSSEC GitHub account.
Questions about installation, usage and configuration should be sent to the ossec-list mailing list. It has a low volume of messages (around 120 to 150 per month) and is the best way to have your questions answered.
Please note that the "community" support is provided by volunteers, and even though they will do their best to answer and help you, this may not always be possible. The rules are: be polite and provide enough information so everyone can understand your issue.
To subscribe to the ossec-list:
- Send an email to [email protected] with the subject of Subscribe ossec-list.
- Messages should be sent to [email protected]
To unsubscribe:
- Send an email to [email protected].
Development questions, patches and anything related to coding should be sent to the ossec-dev list. It has a very low volume of messages (around 20 to 30 per month) and is highly technical.
To subscribe to ossec-dev:
- Send an e-mail to [email protected] with the subject of Subscribe ossec-dev.
- Messages should be sent to [email protected].
To unsubscribe:
- Send an email to [email protected].
Atomicorp
Atomicorp is the producer of Atomic Secured Linux™, a hardened Linux system that includes OSSEC as one of its core technologies. Atomicorp provides comprehensive support services for all your security needs, including deployment assistance and post-sale support for OSSEC. The company has long been involved with the OSSEC Project and currently builds the OSSEC RPM packages for each release. You can find out more about Atomicorp's product and support offerings by contacting their sales team at [email protected] or visiting their products listing page at: https://atomicorp.com/product-listing/.
Wazuh
Wazuh provides support and professional services to Wazuh OSSEC users. The services include training, deployment assistance, health checks, tuning and commercial support. You can reach the Wazuh team at: [email protected].
Wazuh also contributes to the OSSEC project by maintaining installers and providing an open source ruleset to improve OSSEC detection and log analysis capabilities. Wazuh has developed its own modules for integrating OSSEC with log management systems such as Splunk or Elasticsearch. Their website includes documentation explaining how to use OSSEC to get in compliance with PCI DSS, and to monitor Amazon Web Services (AWS) environments.
Currently, the core OSSEC team consists of the following developers and committers:
Scott R. Shinn – OSSEC Development Manager – scott (at) atomicorp.com
Dan Parriott – Community support, docs, rules, testing – ddpbsd (at) gmail.com
Dominik Lisiak – FreeBSD port maintainer – mobstef (at) ossec.net
Daniel B. Cid – Founder of the OSSEC Project – dcid (at) dcid.me
Michael Starks – Community Support, rules
Vic Hargrave – Development, testing – vichargrave (at) gmail.com
Jeremy Rossi – OSSEC Development Manager – jeremy (at) jeremyrossi.com
Santiago Bassett – DEB repositories, SIEM integration – santiago (at) wazuh.com
Brad Lhotsky – Development, system integration, rules – brad . lhotsky (at) gmail.com
Andrew Widdersheim – Development, testing, rules – awiddersheim (at) hotmail.com
Jia-Bing (JB) Cheng – SIEM integration, community support – Jia-BingJB_Cheng (at) trendmicro.com
Development
- Meir Michanie <[email protected]>
- Slava Semushin <[email protected]>
- Ahmet Ozturk <[email protected]>
- George Kargiotakis
- Xavier Mertens
- Stjepan Gros
- cmlara
- Christian Gottsche <[email protected]>
- Dominic
- Cristobel <rosa@alienvault>
- jp.zurbrugg
- Bil Hays <[email protected]>
- Wouter Clarie <[email protected]>
- Mario Weigel
- Christian Beer <[email protected]>
- Gael Muller <[email protected]>
- Ky-Anh Huynh <[email protected]>
- Dan Garthwaite <[email protected]>
- Lance A. Brown <[email protected]>
- danpop60 <[email protected]>
- Martin DiViaio <[email protected]>
- Michael Boyd <[email protected]>
- ibatten <[email protected]>
- rhelfter <[email protected]>
- Peter Drake <[email protected]>
- Mikey Austin <[email protected]>
- Harshil Mathur <[email protected]>
- Ryan Schulze <[email protected]>
- navtej <[email protected]>
- Hakisho Nukama <[email protected]>
- Danny Fullerton <[email protected]>
- Justin Gerace <[email protected]>
- jknockaert <[email protected]>
- Jason Stelzer <[email protected]>
- Antonio Querubin <[email protected]>
Testing, patches, rules and other contributions
- Cédric Bleimling <[email protected]>
- Dean Takemori <[email protected]>
- Sebastien Tricaud <[email protected]>
- Jeff Schroeder <[email protected]>
- Giannis Vrentzos <[email protected]>
- Peter Ahlert <[email protected]>
- Rafael Capovilla <[email protected]>
- Andre Alexandre Gaio <[email protected]>
- Liliane A. Cid <[email protected]>
- Marcus Maciel <[email protected]>
- Stephen Kreusch <[email protected]>
- Kayvan A. Sylvan <[email protected]>
- Dianzhi Wang <[email protected]>
- Meir Michanie <[email protected]>
- Stephen Bunn <[email protected]>
- Jonathan Scheidell <[email protected]>
- |SaMaN| <[email protected]>
- ChuckD <[email protected]>
- Jorge Augusto Senger <[email protected]> - ossec2mysql (contrib)
- David J. Bianco <david at vorant.com>
- Ivan Lotina <[email protected]>
- Robert Millan [ackstorm] <[email protected]>
- Martin West <[email protected]>
- Florian Crouzqat
- Danny Fullerton
- Jeremy Hanmer
- Pepe Sanz
- Kat Fitzgerald
- Regis Houssin
- carlopmart
- Ash Kumar
- Alexandro Silva
- Mike Downey <[email protected]>
- Hai Nguyen <[email protected]>
- Jeffrey Jackson <[email protected]>
- Ben Chavet <[email protected]>
- Bill Parker <[email protected]>
- Schnaffon <[email protected]>
- Ralf Spenneberg <[email protected]>
- Darren Worrall <[email protected]>
- aalberdi <[email protected]>
Translations
- Dutch:
- Martijn de Boer <[email protected]>
- Serbian:
- Maja Michanie <[email protected]>
- Portuguese:
- Daniel Barcellos <[email protected]>
- Allan Soares <[email protected]>
- Willian Itiho Amano <[email protected]>
- Liliane Cid <[email protected]>
- German:
- Peter Ahlert <[email protected]>
- Turkish:
- Ahmet Ozturk <[email protected]>
- Polish:
- Dziankowski Krzysztof <[email protected]>
- Italian:
- Alberto Furia <[email protected]>
- French:
- Yves Bigliazzi <[email protected]>
- Japanese:
- Kuzuno Hiroki <[email protected]>
- Russian:
- Yuri Slobodyanyuk <[email protected]>
- Spanish:
- Meir Michanie <[email protected]>
- Chinese:
- Brian Wang <[email protected]>