I intend to set up OSSEC and noticed there seem to be two main flavours: 
regular *OSSEC* and the *Wazuh* fork.

From what I've been able to gather, the main advantages of Wazuh are: 

   - its ability to integrate with ELK
   - an improved ruleset
   - RESTful API

I have no interest in using ELK for this project, but we already have a 
preexisting Graylog instance that I'd like to hook up with OSSEC, which 
should be possible in regular OSSEC using syslog CEF format, according to 
this: https://github.com/Graylog2/graylog-guide-ossec. 

I assume I can still use the improved ruleset even if I run regular OSSEC; 
at least I haven't seen anything that indicates otherwise.

As for the RESTful API, I'm still very inexperienced and I've only recently 
heard about REST - I don't even know how I would begin putting it to use - 
so I'm not sure if I should use the Wazuh fork just for that.

The objective is to run OSSEC agents on the machines in our cloud 
environment and point them to an OSSEC server on a machine that's already 
being used for log management and monitoring on the same network.

Are there any other advantages to running Wazuh instead of regular OSSEC? 
Is there much of a performance difference? Anything else I should take into 
consideration?
