On Mon, 18 Oct 2010 07:35:52 -0500, Michael Starks <[email protected]> wrote:
> This is the day we get to recount our experiences of how OSSEC has saved
> the day, or just saved us some scratch. People coming by later on who
> read these will get a sense for OSSEC and if it can work in their
> environment. What say you?

I started with OSSEC several years ago (pre-1.0). At the time, I was having a lot of problems with the commercial HIDS we were using. It was buggy, didn't provide a lot of value, and cost us about $100 per host. I started to look for alternatives, both commercial and free. Most of the free solutions I found lacked most of the requirements I had: namely, a manageable, distributed infrastructure and multiple platform support. OSSEC was the only solution in the free software world to meet those requirements, so I thought I would give it a try.

I played with it at home for about six months before recommending that we start a pilot project at work. The pilot went very well. We were able to integrate it with our central syslog server in short order. I actually had to take a few steps back and only integrate a few logs at a time so I could do some tuning as I went. That project saved us about $54,000 (USD) over five years. Later, when my company merged with another one, I found that OSSEC provided more value than the SIEM they were using, which they had a large investment in.

Since moving on from that company, I have had the opportunity to use and develop OSSEC in multiple environments. Whenever I can, I contribute those improvements back to the project so everyone else can benefit. My only regret is that I cannot devote more time to it.

I stick around and contribute largely because of the attitudes in the OSSEC community. There is no developer elitism and everyone remains respectful. In my opinion, this is the proper environment to nurture a free software project. I learn a lot from everyone and have made some great contacts in the infosec community because of the following.

That's pretty much it. Don't be shy. Jump in with your blurb about how you use OSSEC.

--
[I] Immutable Security
Information Security, Privacy and Personal Liberty
http://www.immutablesecurity.com
