I started using Ossec around version 1.4 several years ago. At that time my present employer had nothing for HID or event monitoring. Being a non-profit, money was tight, so I started out by building a Nagios/Ossec/MRTG Network Monitoring Server. The fact that Ossec was open source and free allowed me to really get into it, as there were no costs to hold me back. The environment is mainly Windows on the server side and Cisco on the network side. From the moment Ossec/Nagios started up, my department went from being reactive to proactive in all areas; this immediately turned into HAPPY END USERS!!! Numerous issues were detected right away and fixed; in the past, the issue would occur and then my team would have to poke around to find out where it was originating from and address the issue.
Outside of work, I have been able to do "security consultation" based off my experience with Ossec. It has allowed me to help other IT departments deploy their own very inexpensive, very flexible "Monitoring Device" (Nagios and Ossec). It has given control back to IT staff. There are lots of commercial big-dollar devices that some IT budgets just cannot afford; Ossec has helped out tremendously in my travels. Hope I have shared a story that others can relate to!! -- Derek
