OSSEC Extensions

Plugins to Extend the Capabilities of OSSEC

Intensity Analytics

TickStream.KeyID is a fully integrated Windows authentication security solution, like Windows Hello, that uses keystroke analytics to confirm identity at login, protecting Windows 10 users against credential theft or misuse.

Compatible Products
OSSEC, OSSEC+, Atomic OSSEC

Slack

Integrates OSSEC with Slack, allowing your OSSEC system to send alerts to your Slack workspace, specific channels, or specific users.

Compatible Products
OSSEC, OSSEC+, Atomic OSSEC

Rule Generator

Generates OSSEC rules from other security products. For example, it takes ModSecurity rules and generates a unique OSSEC rule for each ModSecurity rule, allowing you to tune OSSEC for unique events instead of treating all events from your WAF, IDS or other security product the same.

Compatible Products
OSSEC, OSSEC+, Atomic OSSEC

KOFE

A full GUI for OSSEC, based on Kibana and Elasticsearch.

Compatible Products
OSSEC+, Atomic OSSEC

Instructions

As root, run:

oum install kofe
kofe setup
kofe list
kofe install kofe-compliance-dashboard

Demisto Integration

Integrates OSSEC with the Palo Alto Demisto platform, providing powerful alerting in the SOAR environment.

Compatible Products
OSSEC+, Atomic OSSEC

Instructions
1) Install OSSEC+
2) As root, run:

oum install deminsto

Unisys

Integrates OSSEC with the Unisys Stealth platform, allowing your OSSEC deployment to isolate infected endpoints onto a secure, isolated VLAN and to control microsegmentation.

Compatible Products
Atomic OSSEC

Instructions

Update Atomic OSSEC to version 6.0.7-16501 or higher. As root, run:

aum -uf

The extension will appear in the GUI under the Integrations menu on the left side.

Cloudflare

Integrates OSSEC with Cloudflare, allowing your OSSEC hub to control firewall rules in Cloudflare, extending your security perimeter and preventing false positives.

Compatible Products
Atomic OSSEC

Instructions

Update AEO to version 6.0.7-16501 or higher. As root, run:

aum -uf

The extension will appear in the GUI under the Integrations menu on the left side.