What is OSSEC?
OSSEC (Open Source HIDS SECurity) is an open-source host-based intrusion detection system (HIDS) that offers a broad range of features to enhance the security of various operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris, and Windows. OSSEC is designed to meticulously analyze logs, perform integrity checks, monitor the Windows registry, detect rootkits, and provide time-based alerting and active response. This functionality is achieved through an endpoint security agent that is deployed onto the monitored systems and a management server that aggregates the data collected by the agents.
OSSEC's alerts and messages can be forwarded to the ServicePilot web interface in real time over syslog. This gives security administrators a centralized view of security events, simplifying the process of managing and responding to security threats. The integration also lets you apply other ServicePilot features to OSSEC data, such as advanced alerting, machine learning analytics, custom maps, dashboards, automated PDF reporting and more.
How to monitor OSSEC Syslog?
ServicePilot makes it very easy to monitor OSSEC logs with minimal configuration required. Simply use the ServicePilot web interface to add a resource from the ServicePilot security-ossec package.
The security-ossec resource then performs a pre-built search to count OSSEC events by severity and includes a template dashboard that automatically analyzes the OSSEC syslog messages sent to ServicePilot.
The built-in dashboard displays OSSEC events by type, top alert messages and signatures, as well as alert classifications over time.
Sending OSSEC events to ServicePilot as syslog messages provides a web-based console to view OSSEC events, with built-in customizable dashboards, alerts and PDF reports, as well as other ServicePilot features such as machine learning algorithms, tactical monitoring maps and custom searches.
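The pre-built search described above counts OSSEC syslog alerts by severity. The following added example (not ServicePilot's or OSSEC's own code) parses the default OSSEC syslog alert layout, counts alerts by level and message, and flags alerts at or above a chosen level; the sample lines, hostnames and IPs are constructed for the example.

```python
import re
from collections import Counter

# Default OSSEC syslog alert layout: "<syslog header> ossec: Alert Level: N;
# Rule: ID fired (level N) -> "description"; Location: ...; <event fields>".
ALERT_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) ossec: '
    r'Alert Level: (?P<level>\d+); Rule: (?P<rule>\d+) fired \(level \d+\) '
    r'-> "(?P<desc>[^"]*)"; Location: (?P<location>[^;]*);'
)

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-alert ossec lines."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["level"] = int(alert["level"])
    alert["rule"] = int(alert["rule"])
    return alert

def summarize(lines, escalate_at=7):
    """Count alerts by severity and message (like the package's pre-built search)
    and collect alerts at or above escalate_at for follow-up."""
    by_level, by_desc, high, unparsed = Counter(), Counter(), [], 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1  # counted so that parser drift or format changes stay visible
            continue
        by_level[alert["level"]] += 1
        by_desc[alert["desc"]] += 1
        if alert["level"] >= escalate_at:
            high.append((alert["host"], alert["rule"], alert["desc"]))
    return {"by_level": dict(by_level), "top_messages": by_desc.most_common(3),
            "high": high, "unparsed": unparsed}

# Constructed sample lines (not captured data); rule ids and descriptions mimic stock OSSEC rules.
SAMPLE_LOG = [
    'Mar  4 10:30:59 web01 ossec: Alert Level: 3; Rule: 5402 fired (level 3) -> "Successful sudo to ROOT executed."; Location: (web01) 10.0.0.5->/var/log/auth.log; user: alice;',
    'Mar  4 10:31:10 web01 ossec: Alert Level: 10; Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."; Location: (web01) 10.0.0.5->/var/log/auth.log; srcip: 203.0.113.7;',
    'Mar  4 10:32:00 db01 ossec: Alert Level: 7; Rule: 550 fired (level 7) -> "Integrity checksum changed."; Location: (db01) 10.0.0.6->syscheck; Integrity checksum changed for: /etc/passwd',
    'Mar  4 10:32:30 db01 ossec: Alert Level: 5; Rule: 5710 fired (level 5) -> "Attempt to login using a non-existent user"; Location: (db01) 10.0.0.6->/var/log/auth.log; srcip: 203.0.113.7;',
    'Mar  4 10:33:00 db01 ossec: Alert Level: 10; Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."; Location: (db01) 10.0.0.6->/var/log/auth.log; srcip: 203.0.113.7;',
    'Mar  4 10:33:30 db01 ossec: keepalive from agent db01',  # not an alert: counted as unparsed
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```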
How to install an OSSEC resource?
- Use your ServicePilot OnPremise installation or a SaaS account.
- Add a new OSSEC resource via the web interface (/prmresources) or via API (/prmpackagespage); the default ServicePilot agent or another agent will be provisioned automatically.
Details of the OSSEC package are located in the /prmpackagespage of the software.
ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.
By correlating OSSEC data with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.
This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.