Gansert, Matthew A wrote: > Good morning list, > 6. Has anyone on this list (besides Daniel of course) utilized > commercial support available for OSSEC? How was your experience?
My company has had commercial support for 100 agents for just over a year. Here are some highlights, both good and bad (depending on perspective). 1. I haven't experienced any other company that is as responsive to enhancement requests. I have made several feature requests that have been added within a matter of *days*. But of course we always test thoroughly for functionality. These then get released for the entire community and everyone benefits. Compare this with our other commercial HIDs where the feature requests pretty much went into a black hole. 2. I have found bugs but the majority of them have not been show stoppers. Again, these are fixed quickly or a workaround has been provided. Personally, I would be more comfortable with a stable branch with bug fixes only rather than having to install snapshots. Companies generally don't like to install beta versions of software even if the quality may be superior to what other software considers release. 3. Support responses are always helpful. There have been a few cases of a delayed response but these issues were addressed. 4. The company is small. I like it because you get fast, competent, direct support and it has always been on the mark. You don't have to deal with level I, etc. On the other hand, smaller companies are not as stable as larger companies. If Daniel gets hit by a bus support may be affected. This is a calculated risk, IMHO. 5. To really increase Enterprise acceptance, the webui and reporting have to improve considerably. I basically just lost a round comparing OSSEC to a SIEM that was well over 100k. The other SIEM took months to get running and still doesn't work right. As to technical ability, OSSEC blows it away. But the first question my boss asked was, "Is there a reporting and management console?" Management likes GUIs. That's a fact of life. There are some other things that could be done to improve corporate acceptance, but this comes with time. So, to summarize, the technical quality of the software is excellent, the support quality is excellent but needs some improvement in terms of redundancy. I think OSSEC is a great solution for small-medium sized enterpises, non-profits and universities. HTH, Mike
