OSSEC, the free and open source IDS
Feb 27, 2014, 10:00
(Other stories by Doug Vitale)
OSSEC is a host-based intrusion detection system (HIDS) that combines signature-based detection with anomaly detection: log events are matched against a rule set, while the rootkit checks work differently (the book OSSEC Host-Based Intrusion Detection Guide states on page 161 that OSSEC’s “kernel-level checks do not use any signatures and instead rely on anomaly detection technology to look for rootkits”). Beyond log analysis, OSSEC performs file integrity checking (its syscheck component) and rootkit detection (rootcheck). It can run as a stand-alone local installation or as a distributed deployment in which a central OSSEC server, the manager, controls the configuration and settings of one or more remote agents. In server mode the agents collect log entries, integrity-check results and status information and forward them to the manager over an encrypted channel; the manager decodes each event, matches it against its rules, and raises an alert for anything that matches a rule at or above the configured alert level.
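To make the manager-side flow concrete, here is an added example (not OSSEC code) of a miniature decoder-plus-rules pipeline in Python: a regex decoder extracts the fields of an sshd "Failed password" line, a level 5 signature rule fires on every match, and a frequency rule escalates to level 10 when one source IP produces five failures inside a sliding time window. The decoder pattern, the rule IDs (100001/100002, chosen from the range OSSEC reserves for local rules), the thresholds and the sample log lines are all constructed for this illustration.

```python
"""Miniature OSSEC-style log analysis: decode -> rule match -> alert.

Added example, not OSSEC's own code. The decoder regex, rule IDs,
thresholds and sample log lines below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical decoder for OpenSSH "Failed password" lines (syslog format).
SSHD_FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+)"
)

# Constructed sample input: five failures from 203.0.113.5, one from
# 198.51.100.7, and one successful key login that no rule should match.
SAMPLE_LOGS = [
    "Feb 27 10:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 50112 ssh2",
    "Feb 27 10:00:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50113 ssh2",
    "Feb 27 10:00:04 web01 sshd[2104]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2",
    "Feb 27 10:00:06 web01 sshd[2105]: Failed password for root from 203.0.113.5 port 50114 ssh2",
    "Feb 27 10:00:09 web01 sshd[2107]: Failed password for root from 203.0.113.5 port 50115 ssh2",
    "Feb 27 10:00:10 web01 sshd[2108]: Failed password for bob from 198.51.100.7 port 51000 ssh2",
    "Feb 27 10:00:12 web01 sshd[2109]: Failed password for root from 203.0.113.5 port 50116 ssh2",
]


def decode(line, year=2014):
    """Return the decoded event fields, or None if no decoder matches."""
    m = SSHD_FAILED.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; the caller supplies it.
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "user": m.group("user"), "srcip": m.group("srcip")}


class Analyzer:
    """Matches decoded events against a signature rule and a frequency rule."""

    def __init__(self, frequency=5, timeframe=120, alert_level=3):
        self.frequency = frequency                  # hits needed to escalate
        self.timeframe = timedelta(seconds=timeframe)  # sliding window length
        self.alert_level = alert_level              # minimum level that alerts
        self.history = defaultdict(deque)           # srcip -> recent timestamps

    def process(self, line):
        """Return an alert dict for one log line, or None if nothing fires."""
        ev = decode(line)
        if ev is None:
            return None
        # Signature rule: any decoded failure is a level 5 event.
        rule_id, level, desc = 100001, 5, "sshd: authentication failed"
        # Frequency rule: drop timestamps that fell out of the window, then
        # escalate if this source has reached the threshold within it.
        window = self.history[ev["srcip"]]
        window.append(ev["ts"])
        while window and ev["ts"] - window[0] > self.timeframe:
            window.popleft()
        if len(window) >= self.frequency:
            rule_id, level, desc = 100002, 10, "sshd: multiple authentication failures from same source"
        if level < self.alert_level:
            return None
        return {"rule_id": rule_id, "level": level, "description": desc,
                "srcip": ev["srcip"], "user": ev["user"]}


def run(lines, **kwargs):
    """Feed log lines through one Analyzer and collect the alerts it raises."""
    analyzer = Analyzer(**kwargs)
    return [a for a in (analyzer.process(l) for l in lines) if a is not None]


if __name__ == "__main__":
    for alert in run(SAMPLE_LOGS):
        print(f"Rule {alert['rule_id']} (level {alert['level']}) "
              f"{alert['description']} srcip={alert['srcip']}")
```

The frequency rule is what turns five individually low-value events into one level 10 alert; shrinking the `timeframe` so the earlier failures age out of the window (for example to 5 seconds on the sample above) leaves every event at level 5, which is the behaviour to check when tuning such rules against noisy sources.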