OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS (host-based intrusion detection), log monitoring and SIM/SIEM together in a simple, powerful and open source solution.

This fork provides compliance support, extended logging, and additional management features. These capabilities are required for the integration with ELK Stack and OSSEC Wazuh RESTful API (also included in this repository).

Wazuh team is currently supporting OSSEC enterprise users, and decided to develop and publish additional modules as a way to contribute back to the Open Source community. Find below a list and description of these modules:

• OSSEC Wazuh Ruleset: Includes compliance mapping with PCI DSS v3.1, CIS and additional decoders and rules. Users can contribute to this rule set by submitting pull requests to our Github repository. Our team will continue to maintain and update it periodically.

• OSSEC Wazuh fork with extended JSON logging capabilities, for easy integration with ELK Stack and third party log management tools. The manager also include modifications in OSSEC binaries needed by the OSSEC Wazuh RESTful API.

• OSSEC Wazuh RESTful API: Used to monitor and control your OSSEC installation, providing an interface to interact with the manager from anything that can send an HTTP request.

• Pre-compiled installation packages, both for OSSEC agent and manager: Include repositories for RedHat, CentOS, Fedora, Debian, Ubuntu and Windows.

• Puppet scripts for automatic OSSEC deployment and configuration.

• Docker containers to virtualize and run your OSSEC manager and an all-in-one integration with ELK Stack.

• Full documentation
• OSSEC Wazuh fork installation guide

• master branch on correspond to the last OSSEC Wazuh stable version.
• development branch contains the latest code, be aware of possible bugs on this branch.

If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users mailing list, by sending an email to [email protected], to ask questions and participate in discussions.

• Modified version of Zlib and a small part of OpenSSL (SHA1 and Blowfish libraries).
• OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
• Cryptographic software written by Eric Young ([email protected]).
• Software developed by the Zlib project (Jean-loup Gailly and Mark Adler).
• Software developed by the cJSON project (Dave Gamble).
• Node.js (Ryan Dahl).
• NPM packages Body Parser, Express, HTTP-Auth and Moment.

• Daniel Cid, who started the OSSEC project.
• OSSEC core team members.
• OSSEC developers and contributors.

OSSEC Copyright (C) 2015 Trend Micro Inc. (License GPLv2)

• Wazuh website
• OSSEC project website