Linux – ossec features vs snort / tripwire for pci compliance

ids, linux, security

I'm looking for an informed opinion on the advantages of ossec in comparison to snort/tripwire/nessus.

Therefore, can anyone shed any light on what features ossec brings that can't be replicated via tripwire (or iwatch) and snort, perhaps with nessus used also? Particularly in regards to PCI compliance sections 10 and 11.

Moreover, would the snort etc. hybrid setup bring any features which are not present in ossec?

Best Answer

This isn't a fair comparison as not all these products are doing the same thing.

Snort is a Network Intrusion Detection System.

ossec is a host-based network intrusion system, as are tripwire and iwatch, as they monitor file/filesystem/system integrity for changes and anomalies.

Nessus is Tenable's vulnerability scanner, which scans over the network, authenticating where it can (and has been provided credentials), looking for known vulnerabilities and potential misconfigurations against a large "feed".
