One more release to keep the momentum going. It includes the latest work on the different_* options in the rules, along with MaxMind's libgeoip by default and new rules.
Key items from the changelog:
Changes with 2016-02
-Feature: Added different_geoip and different_srcip rule types.
-Feature: Started to properly track the different_* usage so all logs have to be different.
-Feature: Added sshd rules using different_geoip to track some types of behaviour anomalies.
-Feature: Added rules to flag on shellshock activity.
-Feature: Added frequency option to logcollector commands. You can now specify hourly, daily, or any number of seconds.
-Feature: Added libgeoip from MaxMind by default and changed installation script to auto download the latest DB from them.
-Bug fixed: Multiple signatures cleanup and more sane defaults chosen.
-Deprecated: if_matched_regex as it was barely used and very slow.
You can download this release from:
https://dcid.me/ossec
Full changelog:
http://dcid.me/ossec-packages/CHANGELOG.txt