Elastic Stack integration

 Search, analyze and visualize your OSSEC alerts

OSSEC + Logstash, Elasticsearch and Kibana

OSSEC is an Open Source HIDS solution with file integrity checking capabilities. It can be used to detect intrusions, software misuse, rootkits or weak security configurations among other things. It heavily relies on log message decoders and rules for a signature-based detection approach. Because of its high reliability and flexibility, it is being used by large and small companies to improve their systems security and increase visibility.

Elastic Stack is the combination of three popular Open Source projects for log management, known as Elasticsearch, Logstash and Kibana.

  • Elasticsearch is a highly scalable full-text search and analytics engine.
  • Logstash is a tool to collect logs, parse them, and store them for later use.
  • Kibana is a flexible and intuitive visualization dashboard.

OSSEC HIDS integration with Elastic Stack provides a real-time alerts management console, as well as an scalable and flexible way to store data for as long as needed.

OSSEC + Elastic features

This integration provides a real-time and user-friendly console for your OSSEC alerts. Great features comes with this console, some of them are:

  • Search engine and filters to find specific alerts.
  • Interactive visualization capabilities.
  • Store your alerts for several years.
  • PCI Requirements tooltips.
  • CIS/PCI DSS Compliance dashboards.
  • Visualization of alerts geolocation and timeline.
  • Check alert level evolution.
  • Charts with aggregated information for detailed analysis.
  • File integrity changes visualizations.

PCI DSS Compliance Dashboard

OSSEC HIDS can be used to become compliant with PCI DSS, specially because of the intrusion detection, file integrity monitoring and policy enforcement capabilities. This dashboard will make use of OSSEC rules mapping with the compliance controls, showing useful information to identify which systems are not fully compliant with the regulation.

Get started >>