Yes, I run both in my environment and they are both security products, but that's about where the similarities end. OSSEC is a host-based solution that monitors local activity with its tree-based rules engine; Metron is a distributed solution that handles large sets of data from many sources, and a lot more. A possible connection between the two may be that OSSEC logs/alerts could be fed into Metron for enrichment, triage, alerting, and analysis.
I would recommend either reading the documentation for both of them in more detail, or spinning them both up to get a better handle on the differences.

Jon

On Thu, Dec 21, 2017, 00:34 moshe jarusalem <[email protected]> wrote:

> Hi All,
> I have come across the OSSEC project and find it similar to Metron. I am
> confused a bit.
> Is anyone aware of OSSEC and able to give some comparisons?
>
> Regards,
>

--
Jon
