Host-based IDS OSSEC 2.5 released

The OSSEC team announced the general availability of OSSEC version 2.5.

What’s new?

  • Added support for “report_changes” on syscheck to show what was changed in the file modification alert.
  • Added support for cdb lists inside the rules.
  • Added support for drop-in rules and decoders directory.
  • Added a rule unit testing framework (in Python) and inside logtest.
  • Added support for a generic multi-line log reader.
  • Added granular Windows rules.
  • Added option to restrict integrity checking to a set of files.
  • Added alias option to the command monitoring.
  • Added silent switch for Windows installer.
  • Added variable expansion in command output monitoring.
  • Fixed several Windows installer bugs.

For more information on OSSEC, read our interview with the project founder.
