OSSEC v2.5 released

We are very happy to announce the availability of OSSEC version 2.5.

This has been a long release cycle (5 months), but it comes out pretty stable and with many new features. We also had many contributors, showing how much our community is growing and getting stronger. In addition to that, our documentation and manual has been moved to http://www.ossec.net/doc/ .

What is new?

Added support for “report_changes” on syscheck to show what was changed in the file modification alert.
Added support for cdb lists inside the rules.
Added support for drop-in rules and decoders directory.
Added a Rule unit testing framework (in python) and inside logtest
Added support for a generic multi-line log reader.
Added granular Windows rules.
Added option to restrict integrity checking to a set of files.
Added alias option to the command monitoring.
Added silent switch for windows installer.
Added variable expansion in command output monitoring.
Fixed several windows installer bugs.

And a lot more. Check the full change log here.

Download the new version from http://www.ossec.net/main/downloads

*Special thanks to Jeremy Rossi, Dan Parriott, Scott R. Shinn and Michael Starks for the many contributions, patches and tests.

Posted in ossec releases by Daniel Cid (dcid)

Daniel Cid Research

In this section you will find some of my research, project and articles. Look around and if you have any questions, reach out.

My companies

If you want to check out my current companies:

* CleanBrowsing
* Trunc
* NOC.org

And my other projects.

Latest articles

Latest articles from my blog.

2021-12-16
log4j honeypot logs - jndi exploit

2021-11-14
DNS Database repository available

2021-10-11
CleanBrowsing Anycast Network is Growing

2021-06-11
1st degree BJJ blackbelt

2020-09-02
Decentralize the web - again

2020-06-11
Mastodon Instance - noc.social

2019-03-20
OSSEC conference - 2019 - The untold story of OSSEC

2017-01-19
WordPress Performance Optimization Guide

2016-04-07
OSSEC v2016-04: Improving detection

2016-02-03
OSSEC v2016-02: New rules options + GeoIP by default

2015-12-30
OSSEC v2015-12: GeoIP + Integratord

2015-02-02
Sudo: The most misused security tool ever

2014-10-26
The S in HTTPS does not equal to a secure site

2014-10-09
Indicators of Compromised Behavior (IOCd-B)

2013-06-20
Always assume the worst

2013-05-12
How to get start contributing to an open source project

2013-04-19
Using your phone SMS as 2FA

2013-03-16
Sucuri WAF - Not your traditional WAF

2012-05-09
OSSEC rule for the PHP-CGI vulnerability

2012-05-08
Database Logging (PostgreSQL and MySQL)

2012-04-21
Setting up OSSEC - Step by step guide

2011-10-25
3WoO: Alerting on DNS (IP Address) changes

2011-09-21
Detecting outdated (web) applications with OSSEC

2011-05-26
Improved reporting for file changes on OSSEC

2011-04-05
Running multiple OSSEC decoders on the same event

2011-02-11
Blocking repeated offenders with OSSEC

2011-02-01
What is a good password?

2011-01-19
Automatically creating and setting up the agent keys for OSSEC

2010-10-20
OSSEC Award daemon

2010-10-19
How to contribute to OSSEC

2010-09-27
OSSEC v2.5 released

2010-04-01
OSSEC v2.4 released

2010-03-11
OSSEC Alerting when a log or output of a command changes

2010-02-09
New member of the OSSEC team: Priscila Cid

2009-12-07
OSSEC v2.3 released

2009-11-05
Process monitoring with OSSEC

2009-08-21
Q&A: OSSEC interview with Daniel Cid

2009-06-12
Compiling the Windows Agent from a Linux system

2009-02-27
OSSEC v2.0 released

2009-01-02
OSSEC book as Best Book Bejtlich Read in 2008

2008-07-25
Sending OSSEC alerts via syslog

2008-06-17
Third Brigade acquires OSSEC

2008-05-01
OSSEC v1.5 released

2008-01-24
Ugliest application logs ever

2008-01-23
OSSEC book is out

2007-12-18
Syslog - Last message repeated X times (rant)

2007-09-05
OSSEC at the 'Own the Box' competition

2007-08-20
Bruce Schneier on log analysis

2007-07-12
OSSEC switching to GPLv3

2007-06-29
Hidden ports on Linux

2007-06-06
Remote log injection paper

2007-06-02
OSSEC Presentations at AusCERT/Confidence

2007-05-01
Daily/Chained checksum of OSSEC alerts

2007-04-10
OSSEC performance testing (v2)

2007-03-18
New member of the OSSEC team: Davi Cid

2007-01-10
Security monitoring with your Logs

2007-01-09
2006 OSSEC download numbers

2006-11-13
Logging authentication events from Cisco IOS

2006-05-02
Log analysis for intrusion detection

2006-03-20
Analysis of SSH brute force attacks

Contact us!

Do you have an idea for an article that is not here? See something wrong? Contact us at realpeople@noc.org

Tired of price gouging

Clear pricing. No need to guess. Real people. Real logging.