Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2009-02-28 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

OSSEC Version 2 available!

Published: 2009-02-28
Last Updated: 2009-03-01 01:03:52 UTC
by Rick Wanner (Version: 2)
0 comment(s)

A reader wrote in to inform us that OSSEC version 2.0 has been released.  I haven't had a chance to play around with it yet, but I am looking forward to it.  It appears there is a bunch of new functionality.

From the OSSEC website...

"* Compiled Rules - Per popular demand, we are introducing the capability in the product to be able to use pre-compiled rules written in “C”. Customers who felt that the XML format for writing rules was very limiting, can now use the strong programming capabilities of C.
* Agentless Monitoring - Lot of enterprises are faced with the requirement to monitor devices where there are restrictions on Agents to be installed either because of scalability requirements or due to the lack of the native operating system support. In version 2.0, Ossec customers can perform integrity checking and real time logs inspection on remote systems (such as Linux based devices, firewall devices such as PIX and routers etc).
* New Language Support - We added support for the Dutch language in the install
* New Log Rules Support - We added support for Yum logs and fixed/improved many of the other rules for different messages.
* New reporting tool - We added a new tool to create and help generate reports"

For those of you who are not aware of OSSEC it is an open source log analysis tool that runs on Linux/Unix and Windows and provides file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
 

-- Rick Wanner rwanner at isc dot sans dot org

Keywords: OSSEC
0 comment(s)
Diary Archives