Recommend alternative to Tripwire?

Solution 1:

We use OSSEC as HIDS and Splunk to analyze the results. OSSEC provides:

  • File integrity
  • Log monitoring
  • Rootkit detection
  • Configuration analysis

There is a free Splunk app called Splunk for OSSEC, which works great for managing OSSEC alerts (there are dashboards, queries, etc.). We use free Splunk.

You can also use the OSSEC WebUI, but it is much more limited.

To give you an idea of how it is, have a look at this screenshot.

Solution 2:

OSSEC provides an IDS similar to Tripwire, amongst other host monitoring. It's centrally managed, with all the logs arriving into a single collector. If you've got a server to spare then you could also use OSSIM, which provides IDS as well as network monitoring and penetration testing tools.

Solution 3:

If you are using Windows systems, a good alternative to Tripwire is Verisys. Like Tripwire, it does file integrity monitoring and has a central administration console for reporting etc., but it's a whole lot easier to use than Tripwire. And cheaper :)

It's Windows only though, so not much use if you are using Linux...