Open Source Host and Endpoint Security

Wazuh provides new detection and compliance capabilities, extending OSSEC core functionality.

Elastic Stack

Visualize, analyze and search your host IDS alerts. Elastic Stack is the combination of three popular Open Source projects for log management, known as Elasticsearch, Logstash and Kibana. Together they provide a real-time and user-friendly console for your OSSEC alerts.
OSSEC Wazuh integration with Elastic Stack comes with out-of-the-box dashboards for PCI DSS compliance and CIS benchmarks. You can do forensic and historical analysis of OSSEC alerts and store your data for several years, in a reliable and scalable platform.

Wazuh Ruleset for OSSEC

We have modified the existing OSSEC ruleset to increase threat detection capabilities, add functionality and expand OSSEC scope. It includes, among many others, compliance mapping with PCI DSS v3.1, CIS security controls and additional decoders and rules.
The Wazuh Ruleset is curated through the effort of a dedicated team and the help of the community. We encourage OSSEC users to contribute and/or request new rules and decoders.

OSSEC RESTful API

This service controls the OSSEC Manager using REST requests. RESTful interaction allows you to execute OSSEC commands easily from your application (or from a web browser). You can manage your environment via the API, including remote agent management, and extract rootcheck or syscheck information across large deployments. It also integrates OSSEC with external systems.
Installation is easy and the footprint is small: it is a NodeJS Express package that implements HTTP authentication over SSL/TLS.

OSSEC has great value for companies needing to comply with PCI DSS. It is currently being used for this purpose by thousands of companies, from large corporations to small internet stores.

Wazuh understands the importance of these regulations and will continue to develop and integrate OSSEC to comply with these requirements.

PCI DSS Guide 3.1

This guide describes how OSSEC helps with each requirement.

Network IDS integration

OwlH is an open source project created to help you manage network IDS at scale. You can now integrate Suricata IDS and Bro IDS alerts into your Wazuh single pane of glass.

OwlH provides PCI-DSS mapping for Network IDS alerts, as well as a Software TAP solution for cloud environments like AWS and GCLOUD.

OwlH is a sister project of Wazuh. We can work with you on a PoC to demonstrate OwlH's added value.

OwlH will help with:

  • Network IDS integration with Wazuh HIDS
  • On-Premises Network IDS Management
  • Cloud Network IDS Software TAP
  • Network IDS Orchestration
  • PCI-DSS Alert Enrichment
  • and more

OSSEC Docker container

Run a standalone OSSEC manager container, or run it together with Elastic Stack.

Docker Hub

Puppet for OSSEC massive deployment

Use this module for automated deployment and remote configuration of your agents.

Puppet Forge

About OSSEC HIDS project

OSSEC is an open source project that was started by Daniel Cid and made public back in 2004. In 2009 Trend Micro acquired the OSSEC project, keeping it open source and free.

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.