One of the security concerns for servers is intrusion detection on the host itself, usually called a Host-based Intrusion Detection System (HIDS). A popular open-source HIDS tool is OSSEC, which includes the rules and analysis you might need to detect anomalous or unauthorized access to your hosts, or strange activity such as changes to the system's files under /bin.

While it is possible to install these rules directly on the hosts using a configuration management system like Ansible, it does not have to end there. Detecting intrusions is just half of the work; having the data collected and visible is no less important. That means visualising both the anomalous access and the normal pattern of access to hosts.

This is where Wazuh comes in. Wazuh is a simple server-plus-agents system that lets you manage OSSEC rules from one place and shows all the collected data in a visualization dashboard. But most of your logs are already in Elasticsearch and Kibana! Do not worry: Wazuh is just an add-on to Kibana, and it stores all its logs in Elasticsearch as well.

It is a great and simple addition for securing your servers, both in the cloud and on-premises.

Evgeny Zislis
Co-Founder & CTO
Evgeny is our technology ‘capitan’, who brings simple solutions to complex problems to life for our clients. He has been helping developers become more productive and handling software packaging and deployment as well as production systems operations since 2004. He is passionate about doing things that have an impact on the bottom line, based on TOC methodology and applying DevOps patterns and practices in any environment. He keeps himself busy organizing and speaking at meetups, presenting at various conferences, and managing the Operations Israel online community on Facebook.