OSSEC & OSSIM Unified Open Source Security

The "unified" approach relies on the specific strengths of each tool working in tandem. In a unified setup, OSSEC acts as the "eyes and ears" on individual machines, feeding its detailed findings into OSSIM for broader analysis.

OSSEC: runs on the individual machines and provides:
Log Analysis: Scrutinizing system and application logs for suspicious patterns.
File Integrity Monitoring: Detecting unauthorized changes to critical system files.
Rootkit Detection: Identifying hidden malicious software.
Active Response: Automatically blocking threats (e.g., firewalling a malicious IP) in real time.

OSSIM: Open Source Security Information Management by AlienVault (now AT&T Cybersecurity). It acts as a SIEM (Security Information and Event Management) platform that:
Event Collection: Collects events from OSSEC agents and other network tools (like Snort or OpenVAS).
Correlation: Connects seemingly unrelated events from different sources to identify complex attack patterns.
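As an added illustration (not part of the original page, and not OSSEC or OSSIM code), a toy Python model of the flow described above: an agent-side function does log analysis and file integrity checks on one host, and a SIEM-side function joins those events with a separate network-sensor alert by attacker IP and host. The log lines, file contents and alert are constructed samples; the event dictionaries, rule names and threshold are assumptions, not the real OSSEC/OSSIM formats.

```python
# Toy OSSEC -> OSSIM flow: per-host agent emits events, central correlator joins them.
import hashlib
import re
from collections import defaultdict

# Constructed FIM baseline (hash of the known-good file) and the file as found now.
BASELINE = {"/etc/passwd": hashlib.sha256(b"root:x:0:0\n").hexdigest()}
CURRENT = {"/etc/passwd": b"root:x:0:0\nevil:x:0:0\n"}
# Constructed auth log lines that the agent's log analysis scans.
AUTH_LOG = [
    "sshd[1]: Failed password for root from 203.0.113.7 port 4000",
    "sshd[1]: Failed password for root from 203.0.113.7 port 4001",
    "sshd[1]: Failed password for root from 203.0.113.7 port 4002",
    "sshd[1]: Accepted password for root from 203.0.113.7 port 4003",
]
# Constructed network-sensor alert (Snort-style) that reaches the SIEM separately.
NET_ALERTS = [{"src": "web01", "type": "portscan", "ip": "203.0.113.7"}]
FAILED = re.compile(r"Failed password for \w+ from (\d+\.\d+\.\d+\.\d+)")
ACCEPTED = re.compile(r"Accepted password for \w+ from (\d+\.\d+\.\d+\.\d+)")

def agent_events(host, log_lines, current_files, threshold=3):
    """Agent side (OSSEC-like): log analysis plus file integrity monitoring."""
    events = []
    fails = defaultdict(int)
    for line in log_lines:
        if m := FAILED.search(line):
            fails[m.group(1)] += 1
            if fails[m.group(1)] == threshold:  # fire once per source IP
                events.append({"src": host, "type": "bruteforce", "ip": m.group(1)})
        elif m := ACCEPTED.search(line):
            events.append({"src": host, "type": "login", "ip": m.group(1)})
    for path, data in current_files.items():  # hash each watched file against baseline
        if hashlib.sha256(data).hexdigest() != BASELINE.get(path):
            events.append({"src": host, "type": "fim_change", "path": path})
    return events

def correlate(events):
    """SIEM side (OSSIM-like): join events from different sources into one alert."""
    by_ip = defaultdict(set)
    fim_hosts = {e["src"] for e in events if e["type"] == "fim_change"}
    for e in events:
        if "ip" in e:
            by_ip[e["ip"]].add((e["src"], e["type"]))
    alerts = []
    for ip, seen in by_ip.items():
        types, hosts = {t for _, t in seen}, {h for h, _ in seen}
        # scan + brute force + successful login + file change on the same host
        if {"portscan", "bruteforce", "login"} <= types and hosts & fim_hosts:
            alerts.append({"ip": ip, "hosts": sorted(hosts), "stage": "compromise"})
    return alerts
```

Run stand-alone with `correlate(agent_events("web01", AUTH_LOG, CURRENT) + NET_ALERTS)`; no single event is alarming on its own, and only the cross-source join produces the alert.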