Host intrusion detection system for log analysis, file integrity, and active response
GPL-2.0
- C
- Shell
- Perl

About OSSEC
OSSEC is a host-based intrusion detection system that watches the servers it runs on. It combines HIDS, log monitoring, and SIM/SIEM-style correlation in one system to surface attacks and policy violations across a fleet.
It performs log analysis, file integrity checking, policy and compliance monitoring, rootkit detection, real-time alerting, and active response that can block or react to threats automatically. Lightweight agents on each host collect logs and integrity data and forward them to a central manager, where decoding, rule matching, and correlation run and alerts are raised.
Extensive configuration lets you tune alert rules and plug in custom scripts, mapping checks to standards such as PCI-DSS and NIST 800-53. Agents cover Linux, Windows, and macOS, while the manager runs on Unix-like systems.
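The pipeline described above (decoder extracts fields, a rule correlates events by source IP within a time window, a high-level alert triggers an active response) is easy to get wrong in the details, so here is an added, self-contained Python model of it. This is example code written for this page, not OSSEC's own code: the regex, the rule ids (chosen in the 100000+ range OSSEC reserves for local rules), the frequency/timeframe values, and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# --- Decoder -------------------------------------------------------------
# Regex written for this example (not OSSEC's sshd decoder): pulls the
# timestamp, target user and source IP out of an OpenSSH "Failed password" line.
SSHD_FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>[\d.]+) port \d+"
)
LOG_YEAR = 2024  # syslog lines carry no year; assumed so timestamps can be compared

def decode(line):
    """Return a normalised event dict for a failed-password line, else None."""
    m = SSHD_FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "user": m["user"], "srcip": m["srcip"]}

# --- Rules ---------------------------------------------------------------
# Hypothetical rule ids; 100000-119999 is the range OSSEC leaves for local rules.
RULE_AUTH_FAILED = {"id": 100001, "level": 5, "description": "sshd: authentication failed"}
RULE_BRUTE_FORCE = {"id": 100002, "level": 10, "description": "sshd: brute force from one source"}

class FrequencyRule:
    """Fire when `frequency` events from the same srcip fall within `timeframe` seconds."""
    def __init__(self, frequency=4, timeframe=120):
        self.frequency = frequency
        self.timeframe = timedelta(seconds=timeframe)
        self.seen = defaultdict(deque)  # srcip -> timestamps still inside the window

    def feed(self, event):
        q = self.seen[event["srcip"]]
        q.append(event["ts"])
        while q and event["ts"] - q[0] > self.timeframe:
            q.popleft()                 # drop hits that aged out of the window
        if len(q) >= self.frequency:
            q.clear()                   # reset so one burst raises one alert
            return True
        return False

# --- Active response -----------------------------------------------------
class FirewallDrop:
    """Stand-in for a firewall-drop response: records a block on srcip until ts + timeout."""
    def __init__(self, timeout=600):
        self.timeout = timedelta(seconds=timeout)
        self.blocked = {}  # srcip -> expiry time

    def apply(self, srcip, ts):
        self.blocked[srcip] = ts + self.timeout

def analyze(log_text, min_level_for_response=10):
    """Run decoder -> rules -> active response over raw log text.

    Returns (alerts, blocked): the alert list and the srcip -> expiry map."""
    alerts, rule, responder = [], FrequencyRule(), FirewallDrop()
    for line in log_text.splitlines():
        ev = decode(line)
        if ev is None:
            continue                    # not a failed login; nothing to correlate
        alerts.append({**RULE_AUTH_FAILED, "srcip": ev["srcip"], "user": ev["user"]})
        if rule.feed(ev):
            alert = {**RULE_BRUTE_FORCE, "srcip": ev["srcip"], "user": ev["user"]}
            alerts.append(alert)
            if alert["level"] >= min_level_for_response:
                responder.apply(ev["srcip"], ev["ts"])
    return alerts, responder.blocked

# Constructed sample auth log (addresses from documentation ranges, not real hosts)
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 41022 ssh2
Mar  3 10:00:04 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 41030 ssh2
Mar  3 10:00:05 web1 sshd[2205]: Accepted publickey for deploy from 198.51.100.2 port 50122 ssh2
Mar  3 10:00:09 web1 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 41044 ssh2
Mar  3 10:00:15 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 41051 ssh2
Mar  3 10:00:20 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 41060 ssh2
Mar  3 10:00:21 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 41061 ssh2
Mar  3 10:03:00 web1 sshd[2301]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar  3 10:30:00 web1 sshd[2401]: Failed password for root from 192.0.2.9 port 33002 ssh2
"""

if __name__ == "__main__":
    alerts, blocked = analyze(SAMPLE_LOG)
    for a in alerts:
        print(f"level {a['level']:2d} rule {a['id']} {a['description']} srcip={a['srcip']}")
    print("blocked:", {ip: str(exp) for ip, exp in blocked.items()})
```

Running it yields eight level-5 alerts, one level-10 brute-force alert for 203.0.113.7 raised on the fourth failure at 10:00:15, and a block on that address until 10:10:15; 192.0.2.9 never reaches the threshold because its two failures are 27 minutes apart. In OSSEC the same logic is expressed declaratively: a rule in local_rules.xml with `<if_matched_sid>`, `<frequency>`, `<timeframe>` and `<same_source_ip />`, and an `<active-response>` block in ossec.conf naming `firewall-drop` with a `<level>` threshold and `<timeout>`. One caveat a practitioner should keep in mind: any response keyed on a field parsed from logs can be turned against you if an attacker can influence that field, so protect management and jump-host addresses with `<white_list>` in the global configuration before enabling blocking responses.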
Key features
- Log analysis and log monitoring
- File integrity checking and monitoring
- Policy monitoring and rootkit detection
- Real-time alerting and active response
- Custom alert rules and scripts
Details
- First released
- 2004
- Platforms
- Linux · Windows · macOS
- Deployment
- self-hostable
- Monitoring
- HIDS · log analysis · SIM/SIEM
- License
- GPLv2
- Architecture
- Central manager · agents
