Hello Group,
We are trying to make a decision on a FIM product, and would like to go with OSSEC for obvious reasons. What I do not know is what we would miss compared to Tripwire. We currently don't have a lot of resources to manage the solution, and we are looking at 200 nodes initially with plans to grow up to 500+. We are forced to make a quick decision with less than a week's time, and so do not have a lot of time for testing. So, if you could please provide input on the items below with respect to OSSEC, that would be really helpful:

1. Ease of Management: Managing and deploying agents to 500+ servers. Updating rules and agent upgrades. We'd have a one or two person dedicated team working on this part eventually, but initially we wouldn't have any dedicated resources for this.

2. Development of rules (Only FIM): How much does it have to be customized, and does it get updated rules often? Again, I don't know how much of a plug and play solution Tripwire is. So, a comparison in terms of quality of out-of-box rules would be helpful. Initially we wouldn't have dedicated personnel writing our own rules, and so this is more important.

3. Areas monitored and type of files monitored: Do both solutions monitor the same kind of files, or do we miss some amount of coverage with OSSEC compared to Tripwire? I believe what OSSEC does as syscheck, Tripwire calls change monitoring? But, in terms of which directories and the kind of files OSSEC monitors, is it missing anything, or are the default locations good enough?

Any feedback is appreciated!

Thank you.
