On 10/24/2011 06:01 AM, Michael Starks wrote:
This is the day we get to recount our experiences of how OSSEC has saved the day, or just saved us some scratch. People coming by later on who read these will get a sense for OSSEC and if it can work in their environment. What say you?
Ok, I'll bite. I have already told the story about how I came to use OSSEC and how it helped me to replace another commercial HIDs. I suppose I can update that by what I have been doing with OSSEC over the past couple of years.
At my previous employer, I was able to develop a service offering around OSSEC, particularly in the area of PCI. Because OSSEC is chrooted and modular, it was easy for me to customize it such that each customer could be segregated but still play nicely on the same hardware. I have documented some of these techniques in my blog posts, and of course there was a bit of secret sauce which I can't share. But the main stuff is out there.
