ProdOps Weekly Short 6/6/18 — Wazuh

Evgeny
ProdOpsIO
Published in
1 min read · Jun 7, 2018

One of the security concerns for servers is intrusion detection, usually addressed with what is called a Host-based Intrusion Detection System (HIDS). A popular open-source HIDS is OSSEC, which ships with the rules and analysis you are likely to need to detect anomalous or unauthorized access to your hosts, or suspicious activity such as changes to the system's files under /bin, for example.
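To make the "changes to files under /bin" case concrete, here is an added illustration of the idea behind OSSEC's file-integrity monitoring (its syscheck module): record a hash baseline of a watched directory, then later compare the current state against it and report anything modified, added or deleted. This is example code written for this post, not OSSEC or Wazuh code, and it uses a constructed scratch directory in place of /bin so it runs anywhere without root; the function names (`fim_baseline`, `fim_check`, `fim_demo`) are made up for the illustration, and it assumes `sha256sum` (or `shasum`), `find`, `awk` and `mktemp` are available.

```shell
#!/bin/sh
# Added illustration (not OSSEC/Wazuh code): the core of a file-integrity
# check as a HIDS performs it. A constructed scratch directory stands in
# for /bin so the script runs anywhere without root.
# Note: paths are split on whitespace below, so this toy assumes
# no spaces in file names (the constructed directory has none).

# Hash every regular file below $1 and print "hash  path", sorted by path.
fim_baseline() {
    dir="$1"
    find "$dir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        if command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$f"
        else
            shasum -a 256 "$f"
        fi
    done
}

# Compare a stored baseline file ($1) against the current state of directory $2.
# Prints one line per finding: MODIFIED <path>, ADDED <path> or DELETED <path>.
# Returns 1 if anything was reported, 0 if the directory matches the baseline.
fim_check() {
    baseline="$1"
    dir="$2"
    current=$(mktemp)
    fim_baseline "$dir" > "$current"
    findings=0
    # Files in the baseline: hash changed => MODIFIED, no longer present => DELETED
    while read -r oldhash path; do
        newhash=$(awk -v p="$path" '$2 == p {print $1}' "$current")
        if [ -z "$newhash" ]; then
            echo "DELETED $path"; findings=1
        elif [ "$newhash" != "$oldhash" ]; then
            echo "MODIFIED $path"; findings=1
        fi
    done < "$baseline"
    # Files present now but absent from the baseline => ADDED
    while read -r newhash path; do
        if ! awk -v p="$path" '$2 == p {found=1} END {exit !found}' "$baseline"; then
            echo "ADDED $path"; findings=1
        fi
    done < "$current"
    rm -f "$current"
    return $findings
}

# Demo: build a constructed stand-in for /bin, take a baseline, then tamper
# with it the way an intruder might (replace a binary, drop a new one,
# remove one) and run the check. Exit status 1 means findings were reported.
fim_demo() {
    work=$(mktemp -d)
    mkdir "$work/bin"
    printf 'original\n' > "$work/bin/ls"
    printf 'original\n' > "$work/bin/cat"
    fim_baseline "$work/bin" > "$work/baseline.txt"
    printf 'tampered\n' > "$work/bin/ls"     # binary replaced
    printf 'dropper\n'  > "$work/bin/evil"   # unexpected new file
    rm "$work/bin/cat"                       # binary removed
    fim_check "$work/baseline.txt" "$work/bin" && rc=0 || rc=$?
    rm -rf "$work"
    return $rc
}
```

Running `fim_demo` prints `DELETED .../bin/cat`, `MODIFIED .../bin/ls` and `ADDED .../bin/evil` and returns 1; on an untouched directory `fim_check` prints nothing and returns 0. A real HIDS additionally watches permissions, ownership and inode changes, runs the check on a schedule or in real time, and ships each finding as an alert, which is the part the rest of this post is about.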

While it is possible to install these rules directly on the hosts using a configuration management system like Ansible, it does not have to end there: detecting intrusions is only half of the work, and having the collected data visible is no less important. You want to visualise both the anomalous access and the normal pattern of access to your hosts.

This is where Wazuh comes in. Wazuh is a simple server-plus-agents system that lets the OSSEC rules be managed from one place and presents all the collected data in a visualization dashboard. But most of your logs are already in ElasticSearch and Kibana! Do not worry: Wazuh is an add-on to Kibana, and it stores all its logs in ElasticSearch as well.

A great and simple addition for securing your servers, both in the cloud and on-premise.

Originally published at www.prodops.io.
