One more release to keep the momentum going. It includes the latest work on the different_* options in the rules, along with MaxMind GeoIP support enabled by default and a set of new rules.
Changes with 2016-02
- Feature: Added the different_geoip and different_srcip rule types.
- Feature: Started to properly track different_* usage, so all matched logs now have to be different from each other.
- Feature: Added sshd rules using different_geoip to track some types of behaviour anomalies.
- Feature: Added rules to flag shellshock activity.
- Feature: Added a frequency option to logcollector commands. You can now specify hourly, daily, or any number of seconds.
- Feature: Added libgeoip from MaxMind by default and changed the installation script to automatically download the latest database from them.
- Bug fixed: Cleaned up multiple signatures and chose more sane defaults.
- Deprecated: if_matched_regex, as it was barely used and very slow.
You can download this release from: http://dcid.me/ossec
Full changelog: http://dcid.me/ossec-packages/CHANGELOG.txt