I am not trying to start a flame war here - just trying to get a better sense of direction no how to best protect my network. Does anyone know what the advantage to using OSSEC HIDS over Snort is?
I have been playing with OSSEC quite successfully for the past week in a demo environment, but it seems to have stopped sending email alerts sometime last evening. I thought since I would have to do a bunch of rebuilding that I might give other products a shot. I need to monitor Windows and Cisco devices and like the aggregation of data and alerting functions within OSSEC. Does anyone have experiences with other products that they would be willing to share? Marty This electronic mail (including any attachments) may contain information that is privileged, confidential, and/or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic email or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please notify us immediately by reply email so that we may correct our internal records. Please then delete the original message (including any attachments) in its entirety. Thank you.
