Tutorial of setup OSSEC with OSSEC- WUI (Web User Interface).

by Vishal Singh · Published June 24, 2020 · Updated December 2, 2021

As a scalable, multi-platform, open-source Host-based Intrusion Detection System (HIDS), OSSEC has an authoritative analysis and correlation engine, integrating log analysis, Windows registry monitoring, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most OS, including OpenBSD, Linux, macOS, FreeBSD, Solaris, and Windows. As an Open Source tool, it continues so in the upcoming days. You can reallocate it and/or alter it under the terms of the GNU General Public License (version 2) as published by the Free Software Foundation (FSF)

Features of OSSEC

Log based Intrusion Detection (LIDs)

Aggressively analyzes and monitors data from manifold log data points in real-time

Malware and Rootkit Detection

Process and file level analysis for detect malevolent rootkits and applications

Active Response

Respond to changes and attacks on the system in real-time through manifold techniques including firewall policies, integration with 3rd parties such as CDN’s and support portals, as well as self-healing actions.

Compliance Auditing

Focuses on auditing pertaining to application and system level for compliance with numerous common standards such as PCI-DSS, and CIS standards.

File Integrity Monitoring (FIM)

For both files and windows registry settings in real-time not only detects changes to the system, it also maintains a forensic copy of the data as it changes over time.