Inspect all host activity for signs of suspicious behavior.

Monitor OSSEC logs to gain complete security visibility into host activity with Panther’s OSSEC integration.

OSSEC is open-source, host-based intrusion detection software (HIDS) for monitoring and controlling your systems. Panther can collect, normalize, and monitor OSSEC logs to help you identify suspicious activity in real time. Your normalized data is then retained in a data lake, powered by AWS or the cloud-native data platform Snowflake, to support future security investigations.

Use Panther’s built-in rules to monitor activity, or write your own detections in Python to fit your internal business use cases.

Use Cases

Common security use cases for OSSEC with Panther include:

  • Monitoring suspicious logs and operational anomalies
  • Monitoring syslog data
  • Monitoring user activity such as failed logins and other user-related events
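As an added example (not taken from Panther's built-in rule set), here is what a Python detection for the failed-login use case can look like. The `rule`, `title` and `dedup` function names follow Panther's Python rule convention; the field names (`rule.group`, `rule.level`, `srcip`, `dstuser`, `hostname`), the `MIN_LEVEL` cutoff and the `evaluate` helper are assumptions modeled on OSSEC's JSON alert output and should be checked against the supported log schema.

```python
import json

# Constructed sample alerts shaped like OSSEC JSON alert output (one per line).
# Field names are assumptions; verify them against Panther's OSSEC schema.
SAMPLE_ALERTS = """\
{"rule": {"level": 5, "comment": "SSHD authentication failed.", "group": "syslog,sshd,authentication_failed,"}, "hostname": "web-01", "srcip": "203.0.113.7", "dstuser": "root"}
{"rule": {"level": 3, "comment": "SSHD authentication success.", "group": "syslog,sshd,authentication_success,"}, "hostname": "web-01", "srcip": "198.51.100.4", "dstuser": "alice"}
{"rule": {"level": 5, "comment": "Login session failed.", "group": "pam,syslog,authentication_failed,"}, "hostname": "db-02", "dstuser": "deploy"}
"""

MIN_LEVEL = 5  # assumed cutoff: ignore lower-severity OSSEC alerts


def rule(event):
    """Return True for OSSEC authentication failures at or above MIN_LEVEL."""
    ossec_rule = event.get("rule") or {}
    # OSSEC emits groups as a comma-separated string with a trailing comma.
    groups = {g for g in (ossec_rule.get("group") or "").split(",") if g}
    level = int(ossec_rule.get("level") or 0)
    return "authentication_failed" in groups and level >= MIN_LEVEL


def title(event):
    """Build a readable alert title; local failures may carry no source IP."""
    return "OSSEC failed login for {} on {} from {}".format(
        event.get("dstuser", "<unknown user>"),
        event.get("hostname", "<unknown host>"),
        event.get("srcip", "<no source IP>"),
    )


def dedup(event):
    """Group alerts by source IP, falling back to the host for local failures."""
    return event.get("srcip") or event.get("hostname", "unknown")


def evaluate(lines):
    """Hypothetical local harness: run rule() over newline-delimited JSON."""
    events = (json.loads(line) for line in lines.splitlines() if line.strip())
    return [title(event) for event in events if rule(event)]


if __name__ == "__main__":
    for alert_title in evaluate(SAMPLE_ALERTS):
        print(alert_title)
```

Matching on the OSSEC group rather than on individual rule IDs keeps the detection working across sshd, PAM and other decoders that tag their alerts with `authentication_failed`.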

How it Works

The integration is simple and fast:

  • Configure OSSEC to send log data to either Amazon S3 or SQS
  • Add your S3 Bucket or SQS Queue as a data source in Panther
  • Panther will parse, normalize, and analyze your log data in real time
  • As detections are triggered, alerts are sent to your configured destinations
  • Normalized logs are retained in a data lake to power investigations with Panther’s Data Explorer

Learn more about Panther's supported log schema for OSSEC.