I'm going through the purgatory which is PCI compliance right now and the fact that PCI DSS point 11.4 is not mentioned in your PCI outline located here:
http://www.ossec.net/ossec-docs/ossec-PCI-Solution.pdf has led the powers to be to believe that 11.4 is not covered by OSSEC. The requirement does not specifically mention NIDS vs HIDS. How is this interpreted? I assume to be fully covered, it would require a combination of OSSEC and a NIDS, such as snort. Does this make sense? -jeremy
