Connects seemingly unrelated events from different sources to identify complex attack patterns.
In a unified setup, OSSEC acts as the "eyes and ears" on individual machines, feeding its detailed findings into OSSIM for broader analysis.
The "unified" approach relies on the specific strengths of each tool working in tandem:
An open-source Host-based Intrusion Detection System (HIDS). It sits on your servers and endpoints to perform: