David Bianco recently spoke about OSSEC at the SANS Log Management Summit 2007, with the presentation: “How to Save $45k (and Look Great Doing it)”.
Quoting his blog entry reviewing the summit:
On Tuesday morning, I gave my own presentation, “How to Save $45k (and Look Great Doing it).” This is the story of how we bought a commercial SEM product, only to find that it didn’t really do what we wanted, and replaced it with the free OSSEC. Bad on us for not having our ducks in a row at first, I know. To be totally honest, it wasn’t so easy to get up in front of 100 people and say, “You know, we made this really expensive mistake”, but sometimes you have to sacrifice for the greater good. ;-)
He also mentions Mike Poor’s presentation, “Network Early Warning Systems: Mining Better Quality Data from Your Logging Systems”, where Mike speaks about OSSEC in many of his slides. Mike’s presentation is available as well there.