What is Ossec and what are its top alternatives?
Top Alternatives to Ossec
- osquery
osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes. ...
- Splunk
It provides the leading platform for Operational Intelligence. Customers use it to search, monitor, analyze and visualize machine data. ...
- Wazuh
It is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. ...
- Snort
It is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. ...
- ELK
It is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch. ...
- Fail2ban
It is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper. ...
- OpenSSL
It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. ...
- Let's Encrypt
It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). ...
Ossec alternatives & related posts
osquery
related osquery posts
- API for searching logs, running reports3
- Alert system based on custom query results3
- Dashboarding on any log contents2
- Custom log parsing as well as automatic parsing2
- Ability to style search results into reports2
- Query engine supports joining, aggregation, stats, etc2
- Splunk language supports string, date manip, math, etc2
- Rich GUI for searching live logs2
- Query any log as key-value pairs1
- Granular scheduling and time window support1
- Splunk query language rich so lots to learn1
related Splunk posts
I use Kibana because it ships with the ELK stack. I don't find it as powerful as Splunk however it is light years above grepping through log files. We previously used Grafana but found it to be annoying to maintain a separate tool outside of the ELK stack. We were able to get everything we needed from Kibana.
We are currently exploring Elasticsearch and Splunk for our centralized logging solution. I need some feedback about these two tools. We expect our logs in the range of upwards > of 10TB of logging data.
- Well documented2
- Open-source2
related Wazuh posts
Considering a migration from AlienVault USM to Wazuh. Has anyone done this? Success? Failure? Lessons Learned?
Snort
related Snort posts
ELK
- Open source13
- Can run locally3
- Good for startups with monetary limitations3
- External Network Goes Down You Aren't Without Logging1
- Easy to setup1
- Json log supprt0
- Live logging0
- Elastic Search is a resource hog5
- Logstash configuration is a pain3
- Bad for startups with personal limitations1
related ELK posts
Docker Docker Compose Portainer ELK Elasticsearch Kibana Logstash nginx
related Fail2ban posts
OpenSSL
related OpenSSL posts
Our whole DevOps stack consists of the following tools:
- GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
- Respectively Git as revision control system
- SourceTree as Git GUI
- Visual Studio Code as IDE
- CircleCI for continuous integration (automatize development process)
- Prettier / TSLint / ESLint as code linter
- SonarQube as quality gate
- Docker as container management (incl. Docker Compose for multi-container application management)
- VirtualBox for operating system simulation tests
- Kubernetes as cluster management for docker containers
- Heroku for deploying in test environments
- nginx as web server (preferably used as facade server in production environment)
- SSLMate (using OpenSSL) for certificate management
- Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
- PostgreSQL as preferred database system
- Redis as preferred in-memory database/store (great for caching)
The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:
- Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
- Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
- Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
- Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
- Scalability: All-in-one framework for distributed systems.
- Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
- Open Source SSL48
- Simple setup32
- Free9
- Microservices9
- Easy ssl certificates0