It's been a long time since I tried using OSSEC, but maybe that would help. It's a host-based IDS, rather than a network-based IDS like Snort. Last time I checked you could point it towards your logs and it would parse them offline, similar to how Snort can read a PCAP file.
Wazuh is another HIDS that's a variant of OSSEC. ELK would probably help too.
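To make the "point a HIDS at your logs and let it parse them offline" idea concrete, here is an added example that is not code from the original post, nor from OSSEC or Wazuh: a minimal Python reimplementation of the two stages those tools run on each log line, a decoder (regex that extracts fields such as program, user and source IP) followed by rules (a per-event rule plus a frequency rule that fires when one source IP produces five failures within a 120-second window). The sample sshd lines are constructed, the rule names, threshold, window and the year 2024 that is assumed for the year-less syslog timestamps are all my own choices and do not correspond to real OSSEC/Wazuh rule IDs or defaults.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (syslog format, not real data). One source IP fails
# six times in a few seconds, a legitimate user logs in, and a third host
# fails once: only the first should trip the frequency rule.
SAMPLE_LOG = """\
Mar  3 10:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:00:02 host1 sshd[2202]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:00:03 host1 sshd[2203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  3 10:00:04 host1 sshd[2204]: Failed password for root from 203.0.113.5 port 51237 ssh2
Mar  3 10:00:05 host1 sshd[2205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar  3 10:00:06 host1 sshd[2206]: Failed password for root from 203.0.113.5 port 51239 ssh2
Mar  3 10:00:07 host1 sshd[2207]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Mar  3 10:05:00 host1 sshd[2208]: Failed password for bob from 198.51.100.9 port 40001 ssh2
"""

# Stage 1: decoders. The first splits the syslog header, the second extracts
# fields from an sshd authentication failure. Both are hypothetical patterns
# written for this example, not the decoders shipped with OSSEC/Wazuh.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSHD_FAIL_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+) port \d+"
)


def decode(line, year=2024):
    """Return a dict of extracted fields, or None if the line is not syslog.

    Syslog timestamps carry no year, so one is assumed (default 2024) to
    build a datetime that the frequency rule can compare against.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ts = " ".join(ev["ts"].split())  # collapse the double space in "Mar  3"
    ev["time"] = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    if ev["prog"] == "sshd":
        f = SSHD_FAIL_RE.match(ev["msg"])
        if f:
            ev.update(f.groupdict())
            ev["type"] = "sshd_auth_failed"
    return ev


def analyze(log_text, threshold=5, window=timedelta(seconds=120)):
    """Stage 2: rules. Replays a log file offline and returns the alerts.

    Rule 'sshd_failed_password' (level 5) fires on every decoded failure.
    Rule 'sshd_brute_force' (level 10) fires when `threshold` failures from
    the same source IP fall inside `window`; the per-IP history is cleared
    afterwards so one burst yields one high-severity alert.
    """
    alerts = []
    recent = defaultdict(deque)  # srcip -> timestamps of recent failures
    for line in log_text.splitlines():
        ev = decode(line)
        if not ev or ev.get("type") != "sshd_auth_failed":
            continue
        alerts.append({"level": 5, "rule": "sshd_failed_password",
                       "srcip": ev["srcip"], "user": ev["user"], "time": ev["time"]})
        q = recent[ev["srcip"]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:  # drop entries outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"level": 10, "rule": "sshd_brute_force",
                           "srcip": ev["srcip"], "count": len(q), "time": ev["time"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a["time"].isoformat(), f"level={a['level']}", a["rule"], a["srcip"])
```

Feeding the script a real `auth.log` in place of `SAMPLE_LOG` is the offline replay the post describes; a production HIDS differs mainly in having hundreds of decoders and rules, rule chaining, and alert output, not in this basic decode-then-match loop.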