We often get customers who prefer to use OSSEC as an endpoint detection and file integrity monitoring (FIM) agent. Regardless of what SIEM is in place, a lot of them have OSSEC integration. AlienVault in particular can also fully integrate with and control OSSEC agents. Whether you are using OSSEC with a SIEM, standalone, or some other way, the biggest pain point for mass deployment in an organization is provisioning agents automatically. OSSEC works by first installing the server, then deploying the agents. The agents require a key from the server in order to pair with it and transmit logs.