Intrusion Detection with OSSEC

Abstract

The purpose of this thesis was to study the way of intrusion detection with OSSEC. The first chapter was the theoretical part where my understanding of OSSEC and its components was introduced. The chapter was divided to multiple sections explaining OSSEC’s fork Wazuh and how it can be used with Elastic Stack to enhance monitoring and add features to OSSEC. The second chapter started by setting up testing machines using Google Cloud and an Infrastructure as a Code tool called Terraform. Next, Wazuh installation was done automatically using Ansible as a configuration management tool. In the final section of Chapter 2, Wazuh’s important features were evaluated on two virtual machines.The motivation to write this thesis was derived from being in a position to monitor many servers for any security issues. Therefore host-based intrusion detection was the best choice to comply to security policies specifically. This study is useful for companies interested in monitoring every single activity on a host and taking actions accordingly.