

Unified host-based intrusion detection, log analysis, and response platform
OSSEC provides comprehensive host-based intrusion detection, file integrity monitoring, log analysis, rootkit detection, policy compliance, and real-time alerting with active response capabilities for diverse environments.

OSSEC is a comprehensive host‑based intrusion detection system that combines file integrity monitoring, log analysis, rootkit detection, policy compliance checks, and real‑time alerting with active response capabilities. It is written in C and supports a wide range of Unix‑like operating systems as well as Windows agents, making it suitable for heterogeneous environments.
The manager can be installed on a dedicated server or container, while agents are deployed on each monitored host. Configuration is performed through plain‑text XML files, allowing fine‑grained rule definition and integration with external SIEMs via syslog or API. Community support is available through Slack, Discord, and the project’s GitHub repository, and regular releases are published on the official website.
Typical users include security analysts, system administrators, and compliance officers who need a low‑cost solution for continuous monitoring. OSSEC’s modular architecture allows integration with existing ticketing systems and custom response scripts, enabling automated containment of threats across the infrastructure.
Detect unauthorized file changes: immediate alerts when critical system files are modified, enabling rapid investigation.
Identify brute-force SSH attacks: correlates log entries to flag repeated login failures and triggers block actions.
Maintain PCI-DSS compliance: monitors required security controls and generates reports to satisfy audit requirements.
Automated malware containment: rootkit detection triggers active response scripts that isolate the affected host.
OSSEC runs on most Unix‑like systems (Linux, BSD, macOS) and provides agents for Windows.
Alerts can be sent via email, syslog, or integrated with external SIEMs through its API.
The core OSSEC project provides a command-line interface only; a web UI is available from Wazuh, a fork of OSSEC, and third-party dashboards are also available.
Yes, Dockerfiles are provided, allowing deployment of the manager and agents in containers.
The repository does not specify a license (NOASSERTION), so review the source for licensing details before commercial use.
Project at a glance: Stable. Last synced 4 days ago.