From OSSEC Wiki


2007 June 01 - OSSEC Presentations at AusCERT/Confidence

During the month of May Daniel Cid went to AusCERT and Confidence to talk about OSSEC
(i.e. log analysis using OSSEC). In both presentations he discussed LIDS (log-based intrusion detection)
and gave an overview of the OSSEC architecture and of how to write decoders and rules.

If you want to learn a bit more about OSSEC, take a look at them.

Note that both presentations are very similar, but the AusCERT one is a bit more organized,
so we recommend reading it first.
by Daniel Cid - perm link


2007 May 16 - OSSEC Version 1.2 is available

We are pleased to announce the availability of OSSEC version 1.2. This
new version comes with lots of new features, including:

  • Support for OpenBSD PF logs.
  • Support for compiled (c-based) decoders.
  • New options for composite rules: "srcport", "dstport", "same_src_port", "same_dst_port" and "same_location".
  • Additional granular e-mail options. We added "sms" format output and many other options. More information: http://www.ossec.net/dcid/?p=75
  • Support for Zeus WebServer logs.
  • Support for daily/chained checksum of alert logs. More information: http://www.ossec.net/wiki/index.php/Know_How:LogSign
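The chained checksum item above is the security-relevant one: a checksum per daily alert log on its own only proves that a file matches the value stored next to it, whereas chaining each day's digest into the next makes any edit of an earlier day visible when later days are verified. The following is an added illustration of that idea, not OSSEC's own code or its on-disk checksum format (which the announcement does not describe); the hash algorithm, the genesis value and the three sample alert logs are constructed for the example.

```python
import hashlib

# Constructed sample input: three "daily" alert logs in an OSSEC-like layout.
# Ordered list of (day, file contents) so the chain order is explicit.
SAMPLE_DAYS = [
    ("2007-05-14", b"** Alert 1179100000.0: - syslog,sshd,authentication_failed\n"
                   b"Rule: 5716 (level 5) -> 'SSHD authentication failed.'\n"),
    ("2007-05-15", b"** Alert 1179190000.0: - syslog,sshd,authentication_failures\n"
                   b"Rule: 5720 (level 10) -> 'Multiple SSHD authentication failures.'\n"),
    ("2007-05-16", b"** Alert 1179280000.0: - ossec,syscheck\n"
                   b"Rule: 550 (level 7) -> 'Integrity checksum changed.'\n"),
]

# Fixed starting value for the first link of the chain (constructed, not OSSEC's).
GENESIS = "0" * 64


def day_digest(prev_digest, log_bytes):
    """Digest of one day's log bound to the previous day's digest."""
    h = hashlib.sha256()
    h.update(prev_digest.encode("ascii"))
    h.update(log_bytes)
    return h.hexdigest()


def build_chain(days):
    """Produce one chain entry per day: {day, prev, digest}."""
    chain = []
    prev = GENESIS
    for day, data in days:
        digest = day_digest(prev, data)
        chain.append({"day": day, "prev": prev, "digest": digest})
        prev = digest
    return chain


def verify_chain(days, chain):
    """Re-walk the chain over the current log files.

    Returns (True, None) when every link checks out, otherwise
    (False, day) naming the first day at which verification fails.
    A length mismatch (a day added or dropped) returns (False, None).
    """
    if len(days) != len(chain):
        return False, None
    prev = GENESIS
    for (day, data), entry in zip(days, chain):
        # The stored "prev" must equal the digest we just recomputed;
        # this is what exposes an earlier day whose own digest was re-signed.
        if entry["day"] != day or entry["prev"] != prev:
            return False, day
        if day_digest(prev, data) != entry["digest"]:
            return False, day
        prev = entry["digest"]
    return True, None


if __name__ == "__main__":
    chain = build_chain(SAMPLE_DAYS)
    print("intact:", verify_chain(SAMPLE_DAYS, chain))

    # Simulate editing day 2 after the fact, e.g. downgrading an alert level.
    edited = list(SAMPLE_DAYS)
    edited[1] = (edited[1][0], edited[1][1].replace(b"level 10", b"level 3"))
    print("edited day 2:", verify_chain(edited, chain))

    # Even if the editor also rewrites day 2's own digest, day 3's stored
    # "prev" no longer matches, so the tampering shows up one day later.
    reissued = [dict(e) for e in chain]
    reissued[1]["digest"] = day_digest(chain[0]["digest"], edited[1][1])
    print("edited day 2, digest reissued:", verify_chain(edited, reissued))
```

The point of the second check in the demo is that an attacker who can rewrite a log file can usually also rewrite the checksum stored beside it; chaining means every later day's record must be rewritten as well, which is why the chain (or at least its latest digest) is worth copying off-host.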


We also completed a large redesign of the internal architecture of analysisd
(the OSSEC process responsible for decoding and analysis), greatly improving
performance and organization.


A list with all the new functionality and bug fixes is available at the Changelog.

Make sure to check, as well, our web interface (in beta) for monitoring your
logs and OSSEC alerts.

Download the new version (and the web interface) here.

by Daniel Cid - perm link

2007 May 07 - OSSEC Logo chosen

Our logo/mascot contest has just finished and we have a winner (and a brand new logo)!
The winner is Andres Armeda from Applied Watch with the following design:

[Image: ossec-logo-Armeda3.jpg]

We also want to thank everyone for all the other designs that were sent to us, and say that they were all great! We really appreciate the contribution.

You can see all the submissions at the Contest Results page and here.


by Daniel Cid - perm link

2007 Mar 28 - OSSEC WUI version 0.2 is available

We are pleased to announce the release of the first non-BETA version of the OSSEC web interface (v0.2).
This version contains the following features and bug fixes:

    • Added real time monitoring to the search page.
    • Added support for paginated search results.
    • Added "Log Format" as an option to allow searches based on the log format.
    • Added integrity checking page to allow monitoring of changed files/registry entries.
    • Fixed category of the integrity checking group which was incorrectly classified as authentication.
    • Added account_changed category.
    • Added location pattern in the event search UI. It allows alerts to be searched on a per agent basis (or per log). (Suggested by Black CryptoKnight <black_cryptoknight at yahoo.com>).
    • Added current date and time on each screen as a reference for events. (Suggested by jalal <the.jalal at gmail.com>).
    • Fixed the pattern and user fields to make sure they are used during a search. (Bug report by Michael Starks).


An installation guide is available here: Installation Tutorial
Download information here: OSSECWUI


by Daniel Cid - perm link

2007 Mar 12 - OSSEC Version 1.1 is available

We are pleased to announce the availability of OSSEC version 1.1. This new version
comes with numerous bug fixes and new features, including support for:

  • Microsoft IIS 6
  • Cisco VPN concentrator
  • Cisco PIX VPN AAA
  • Cisco FWSM
  • Solaris 10/OpenBSD "su" logs.
  • Granular e-mail alerting options

We also created a new Windows agent installer and added more advanced log analysis rule options.


A list with all the new functionality and bug fixes is available at the Changelog.

Make sure to check, as well, our web interface (in beta) for monitoring your
logs and OSSEC alerts.

Download the new version (and the web interface) here.

by Daniel Cid - perm link

2007 Mar 08 - OSSEC Overview Presentation

Michael Williams sent us a copy of his excellent presentation "OSSEC Overview".
You can download it in .swf format from here and in .ppt format from here.

Thanks Michael for the contribution!

by Daniel Cid - perm link

2007 Jan 15 - OSSEC Version 1.0 is available

OSSEC version 1.0 is now publicly available. This version comes with numerous
new features, including support for:

  • Registry monitoring on Windows
  • Dynamic/nat'ed IP addresses in the server/agent communication
  • ASL (Apple system log)
  • Lotus domino
  • Symantec AV
  • Windows RAR

A full list of all the new functionality and bug fixes is available at the Changelog.

Make sure to check, as well, our new web interface (in beta) for monitoring your
logs and OSSEC alerts.

Download the new version (and the web interface) here.

by Daniel Cid - perm link

2006 Oct 20 - OSSEC Version 0.9-3 is available

This new release comes with lots of surprises for Windows users. First,
support for Microsoft Exchange, Microsoft FTP and the Windows firewall was
added. Second, the Windows agent was refined and lots of bugs were fixed.

We also ported OSSEC to run on HP-UX and improved the rules for modsecurity,
sendmail, PIX and Named.

Download it here. Changelog here.

by Daniel Cid - perm link

2006 Sep 23 - OSSEC Version 0.9-2 is available

This new release comes with numerous bug fixes and new features.
It includes the new agent/server communication channel, support for
better agent control, and new rules for vpopmail, modsecurity and Windows.
It also has the new list_agents tool and the monitor daemon.

Download it here. Changelog here.

by Daniel Cid - perm link

2006 Sep 01 - New ossec2mysql

Ossec2Mysql was replaced by the parallel script ossec2base. Users
who tried ossec2base in the past will not notice any difference.
New files are already in CVS under contrib.

by Meirm

2006 Aug 15 - Multiple project news.

Version 0.9-1 is available. It includes numerous bug fixes and a few new features.

Download it here. Changelog here.

Meir Michanie also released an alpha version of the Ossec2Base tool, which allows
Base to view OSSEC alerts. More information here. Download it from /files/ossec2base/ossec-ui-0.1.tar.gz here.

by Daniel Cid - perm link

2006 Aug 07 - More OSSEC docs and articles.

Peter Steevensz and Ruurd Bakker from secquard.nl wrote
a very good document on how to install OSSEC on FreeBSD and on Windows. Available here.

OSSEC was also reviewed at linux.com by Joe Barr with some great feedback (slashdot, newsforge, etc).

2006 Aug 01 - OSSEC at a SANS webcast.

Mike Poor (SANS instructor, founder of Intelguardians and a highly recognized security expert)
will be talking about OSSEC in the next SANS webcast. It looks like it is going to be very nice.

Access it at sans.org.
