OSSEC – Host-based Intrusion Detection System for the active incident response


OSSEC (Open Source HIDS Security) is a free, open-source host-based intrusion detection system (HIDS). OSSEC has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

OSSEC Features

Log based Intrusion Detection (LIDs)

Actively monitors and analyzes data from multiple log data points in real-time.

Compliance Auditing

Application and system level auditing for compliance with many common standards such as PCI-DSS, and CIS benchmarks.

System Inventory

Collects system information, such as installed software, hardware, utilization, network services, listeners and other information.

File Integrity Monitoring (FIM)

For both files and windows registry settings in real time not only detects changes to the system, it also maintains a forensic copy of the data as it changes over time.

Active Response

Respond to attacks and changes on the system in real time through multiple mechanisms including firewall policies, integration with 3rd parties such as CDN’s and support portals, as well as self-healing actions.

Rootkit and Malware Detection

Process and file level analysis to detect malicious applications and rootkits.

Atomic Enterprise OSSEC

Atomic Ossec is the enterprise version with additional features to add on to simplify and manage the agents in GUI consoles.


Previous articleImportant Skills Required for Soc analyst from beginners to advanced level
Next articleCache Poisoning – Detection and Response
Balaganesh is a Incident Responder. Certified Ethical Hacker, Penetration Tester, Security blogger, Founder & Author of Soc Investigation.


Please enter your comment!
Please enter your name here