The Future of OSSEC

It has been a while since the last release of OSSEC, and some users wonder if the project is really still active. Well, I am here to tell you that not only is it active, but it has been the most active it has ever been!

So, what have we been up to? As we prepare for the next beta release, which will happen in September, there has been a lot going on:

  1. We have been actively searching for uncommitted patches that may have been overlooked. Some of these are over a year old and have been contributed by other users. They fix bugs which have been lingering for a while.
  2. We have been dusting off rules and decoders that some of us have forgotten to contribute. Many of these are designed to decode additional fields, which should make rules more accurate.
  3. Documentation is being worked on. Dan Parriott has done a wonderful job of writing and maintaining most of the documentation. It gets better all the time. Of course, Dan appreciates tickets and contributions against the documentation.
  4. Of course, there are new features. I won’t let the cat out of the bag yet, but I think many of them are pretty cool.

The end result is that we hope this will be the most stable and usable version of OSSEC yet. And we hope you’ll try it out and report any issues.

As to the next release after that? Expect big changes that fundamentally change the philosophy of OSSEC. Expect it to have more insight and context about attacks, with dynamic updates designed to have more up-to-date information on a much more frequent basis.

Posted in Intrusion Detection, Log Analysis
6 comments on “The Future of OSSEC”
  1. Beau says:

    Awesome!

    I’m here to tell YOU that I think you, OSSEC and everyone who has anything to do with it are all awesome!

    Thanks for what you do!

    I’m no expert, but I find OSSEC fascinating, as well as extremely useful.

  2. Floyd says:

    Any word on when the OSSEC site will be back up?

  3. Nls73m says:

    Where is Daniel? Is he still working on OSSEC? Is he at Trend Micro still? No upgrade in a year?

    • Daniel was eaten by a giant Smurf.

      Actually, he is still around–just busy with his new gig at Sucuri, I guess. He is less active in OSSEC these days but still on the team. We have been very active recently. Check out the beta and let us know what you think.
