Security monitoring
How to monitor OSSEC?


ServicePilot security-ossec


What is OSSEC?

OSSEC (Open Source HIDS SECurity) is a free, open-source host-based intrusion detection system (HIDS). It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD, OS X, Solaris and Windows. An OSSEC deployment consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects the data gathered by the agents.

OSSEC can be configured to send its alerts to syslog. Those messages can then be forwarded by syslog to the ServicePilot web interface in real time for centralized analysis.

OSSEC Syslog monitoring

This package runs a pre-built search that counts OSSEC events by severity and includes a template dashboard that automatically analyzes the OSSEC syslog messages sent to ServicePilot.
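To make the "count events by severity" idea concrete, here is an added example (not ServicePilot or OSSEC project code) that parses OSSEC alerts received over syslog and tallies them by alert level and by rule. It assumes the message layout of OSSEC's default syslog output format as shown in the comment; the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout of OSSEC's default syslog_output message:
#   ossec: Alert Level: <n>; Rule: <id> - <description>; Location: <source>; ...
ALERT_RE = re.compile(
    r"ossec: Alert Level: (?P<level>\d+); "
    r"Rule: (?P<rule_id>\d+) - (?P<description>.*?); "
    r"Location: (?P<location>.*?);"
)

# Constructed sample messages; hosts, addresses and rule text are illustrative.
SAMPLE_LINES = [
    "<132>Jan 10 12:00:01 mgr ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; Location: (web01) 192.0.2.10->/var/log/auth.log; srcip: 198.51.100.7;",
    "<132>Jan 10 12:00:04 mgr ossec: Alert Level: 7; Rule: 550 - Integrity checksum changed.; Location: (db01) 192.0.2.20->syscheck;",
    "<132>Jan 10 12:00:06 mgr ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; Location: (web01) 192.0.2.10->/var/log/auth.log; srcip: 198.51.100.7;",
    "<132>Jan 10 12:00:08 mgr ossec: Alert Level: 10; Rule: 5720 - Multiple SSHD authentication failures.; Location: (web01) 192.0.2.10->/var/log/auth.log; srcip: 198.51.100.7;",
    "<30>Jan 10 12:00:09 mgr cron[812]: job finished",  # not an OSSEC alert
]


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an OSSEC alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {
        "level": int(m["level"]),
        "rule_id": int(m["rule_id"]),
        "description": m["description"],
        "location": m["location"],
    }


def summarize(lines):
    """Count alerts per level and per rule; keep unparsed lines so gaps are visible."""
    by_level, by_rule, unparsed = Counter(), Counter(), []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            unparsed.append(line)
            continue
        by_level[alert["level"]] += 1
        by_rule[(alert["rule_id"], alert["description"])] += 1
    return by_level, by_rule, unparsed


if __name__ == "__main__":
    by_level, by_rule, unparsed = summarize(SAMPLE_LINES)
    for level in sorted(by_level, reverse=True):
        print(f"level {level:2d}: {by_level[level]}")
    print("top rule:", by_rule.most_common(1)[0])
    print("lines not recognised as OSSEC alerts:", len(unparsed))
```

Tracking the unparsed lines separately matters in practice: a format change on the OSSEC side would otherwise show up only as a quiet drop in alert counts.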

The built-in dashboard displays OSSEC events by type, top alert messages and signatures, as well as alert classifications over time.

Sending OSSEC events to ServicePilot as syslog messages provides a web-based console for viewing them, with built-in customizable dashboards, alerts and PDF reports, as well as other ServicePilot software features such as machine learning algorithms, tactical monitoring maps and custom searches.