LOGIQ.AI can directly ingest security event logs from agents compatible with OSSEC (Open Source Security). OSSEC is a security solution that provides a number of capabilities to help secure cloud platforms.
In other words, OSSEC is a host-based intrusion detection system (HIDS) that runs on a variety of platforms. It has an advanced correlation and analysis engine with log examination, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit scanning, and real-time alerting/active response. It supports most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS X, Solaris, and Windows.
OSSEC is composed of three main components: the manager, the agent, and the local OSSEC server.
The manager oversees the agents, which monitor system activity and report back. The manager then compiles the agent reports, combines them with its own rules and tests, and alerts if there are any security issues.
The agents detect changes or anomalies in the data flow that could signify a malicious attack such as worms, viruses, hacking tools, and more.
The local OSSEC server is responsible for analyzing the data from the agents and taking appropriate action depending on the type of attack detected.
LOGIQ.AI takes over the functions of the manager and the local OSSEC server, making it easy to bring together security-related events into your data fabric for instant consumption.
Following are some of the critical OSSEC features:
- LIDS (log-based intrusion detection) actively monitors and assesses data from multiple log sources in real time.
- Analysis at the process and file level to find malicious software and rootkits.
- Responds in real time to attacks and system modifications using a variety of mechanisms, such as firewall rules, integration with third parties like CDNs and support portals, and self-healing actions.
- Application and system-level audits for compliance with numerous widely used standards, including PCI-DSS and CIS benchmarks.
- File Integrity Monitoring (FIM) detects changes to both files and Windows registry settings, and keeps a forensic copy of the data as it changes over time.
The LOGIQ platform utilizes OSSEC capabilities in the following ways:
- Intrusion Detection and Prevention: OSSEC includes an Intrusion Detection System (IDS) that can detect and prevent unauthorized access to cloud infrastructure. It uses a rule-based system to monitor network traffic and identify malicious activity.
- File Integrity Monitoring: OSSEC can monitor the integrity of files on a cloud platform to detect any changes that may indicate a security breach. It can detect modifications to system files, configuration files, and application files.
- Log Management: OSSEC can collect and analyze log data from cloud infrastructure to identify security threats. It can correlate log data from multiple sources and generate alerts for suspicious activity.
- Compliance Management: OSSEC can help organizations comply with security standards such as PCI-DSS, HIPAA and SOC2.
- Real-time Alerts: OSSEC can provide real-time alerts for security breaches and suspicious activity, allowing organizations to quickly respond to potential threats.
- Centralized Management: OSSEC can be used to manage and monitor multiple cloud platforms from a single console, providing a centralized view of security across an organization’s cloud environment.
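As an added example (not code from the LOGIQ.AI or OSSEC projects), the following Python decodes the block format OSSEC writes to its alerts.log and runs two manager-side correlations of the kind described under Log Management and Real-time Alerts: repeated authentication failures from one source address, and alerts at or above a severity level. The sample alerts are constructed, the alerts.log layout is assumed from OSSEC's text output, and the function names are this example's own.

```python
import re
from collections import Counter
# Constructed sample in OSSEC's alerts.log layout: blank-line-separated blocks, each headed "** Alert <epoch>.<seq>: [mail] - <groups>,".
SAMPLE_ALERTS = """\
** Alert 1700000000.1001: - syslog,sshd,authentication_failed,
2023 Nov 14 22:13:20 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.7
Nov 14 22:13:19 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51812 ssh2

** Alert 1700000030.1002: - syslog,sshd,authentication_failed,
2023 Nov 14 22:13:50 (web01) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.7

** Alert 1700000060.1003: mail  - ossec,syscheck,
2023 Nov 14 22:14:20 (web01) 10.0.0.5->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/passwd'
"""
HEADER = re.compile(r"^\*\* Alert (\d+)\.\d+:\s*(?:mail)?\s*-\s*(.+?),?\s*$")
ORIGIN = re.compile(r"^\d{4} \w{3} +\d+ \d\d:\d\d:\d\d (?:\((?P<agent>[^)]+)\) )?(?P<host>.+?)->(?P<loc>\S+)$")
RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$")

def parse_alerts(text):
    """Yield one dict per alerts.log block: header fields plus the remaining raw lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = HEADER.match(lines[0])
        if not head:
            continue  # not an alert block: skip it rather than fail the whole file
        alert = {"epoch": int(head.group(1)), "groups": head.group(2).split(","), "agent": "",
                 "rule_id": 0, "level": 0, "description": "", "src_ip": "", "payload": []}
        for line in lines[1:]:
            if m := ORIGIN.match(line):
                alert["agent"] = m.group("agent") or m.group("host")  # host name for manager-local events
            elif m := RULE.match(line):
                alert["rule_id"], alert["level"], alert["description"] = int(m[1]), int(m[2]), m[3]
            elif line.startswith("Src IP: "):
                alert["src_ip"] = line[8:].strip()
            else:
                alert["payload"].append(line)  # decoded fields and the raw log line
        yield alert

def triage(alerts, fail_threshold=2, page_level=7):
    alerts = list(alerts)  # accept a generator; two passes follow
    fails = Counter(a["src_ip"] for a in alerts if "authentication_failed" in a["groups"] and a["src_ip"])
    repeated = {ip: n for ip, n in fails.items() if n >= fail_threshold}  # sources worth a closer look
    severe = [(a["rule_id"], a["description"]) for a in alerts if a["level"] >= page_level]
    return repeated, severe
```

With the sample above, `triage(parse_alerts(SAMPLE_ALERTS))` reports the one source address behind both failed logins and the level 7 integrity alert.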