OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System that runs on most Operating Systems. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response

It is simple to install and configure, so i will not provide the step by step installation guide but rather provide resources to get the installer and configuration documentation.

Here is their GitHub page:
https://github.com/ossec/ossec-hids

Configuration and agent management can all be found at these link;
https://www.ossec.net/docs/

Some other good resource are this book and this blog
OSSEC Host-Based Intrusion Detection Guide
By Rory Bray, Daniel Cid, Andrew Hay

Wazuh:
https://documentation.wazuh.com/2.0/user-manual/ruleset/getting-started.html

After successful installation, you can find it under ALL Programs in your windows OS startup menu

ossec

Sample alert

2018 Aug 09 01:06:22

Received From: ossectest->/var/log/secure
Rule: 5551 fired (level 10) -> "Multiple failed logins in a small period of time."
Portion of the log(s):

Aug  9 01:06:18 ossectest sshd[12330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cago.testlab.com  user= gandolf 
Aug  9 01:06:20 ossectest sshd[12331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cago.testlab.com  user= gandolf

OSSEC

Comments

Read Next

Cannot decrypt certificate-based client authentication

Packet Capture in Palo Alto firewalls

Comments

Subscribe to Vick

Read Next

Tags