Looking for a host-based IDS comparable to Tripwire. Preferably one that allows centralized management. Right now I use Tripwire, and though it works, management and reporting through a central server would be ideal. I'm looking for recommendations that have actually been used and not just Google results. Thanks!
Security – Recommend alternative to tripwire
ids intrusion-detection Security tripwire
Best Answer
We use OSSEC as a HIDS and Splunk to analyze the results. OSSEC provides:
There is a free Splunk App, called Splunk for OSSEC, which works great to manage OSSEC alerts (there are dashboards, queries, etc.). We use free Splunk.
You can also use the OSSEC WebUI, but it is much more limited.
To give you an idea of how it is, have a look at this screenshot.