Host-based IDS OSSEC 2.5 released

The OSSEC team announced the general availability of OSSEC version 2.5.

What’s new?

• Added support for “report_changes” on syscheck to show what was changed in the file modification alert.
• Added support for cdb lists inside the rules.
• Added support for drop-in rules and decoders directory.
• Added a Rule unit testing framework (in python) and inside logtest
• Added support for a generic multi-line log reader.
• Added granular Windows rules.
• Added option to restrict integrity checking to a set of files.
• Added alias option to the command monitoring.
• Added silent switch for windows installer.
• Added variable expansion in command output monitoring.
• Fixed several Windows installer bugs.

For more information on OSSEC read our interview with the project founder.