OSSEC (Open Source Security Event Correlator) was created in 2004-2006 by Daniel Cid as an open-source host-based intrusion detection system (HIDS). The project aimed to provide security monitoring for servers.
- 2006: First public release of OSSEC
- 2007: Growing adoption in the security community
- 2008: OSSEC 1.0 stable release
- 2010: Acquisition by Trend Micro
In 2010, Daniel Cid and the OSSEC project were acquired by Trend Micro. This era brought:
- Professional development resources
- Integration with Trend Micro products
- OSSEC 2.x series with enhanced features
- Commercial support options
In 2015, due to concerns about the direction of OSSEC under Trend Micro, key community members including Daniel Cid forked the project to create Wazuh:
- 2015: Wazuh fork created
- 2016+: Wazuh gained significant traction
- 2017: OSSEC 3.0 released (last major OSSEC release)
- 2020+: Wazuh became the more actively developed successor
| Year |
Version |
Notable Changes |
| 2006 |
0.3 |
Initial release |
| 2008 |
1.0 |
First stable release |
| 2010 |
2.0 |
Trend Micro acquisition |
| 2015 |
- |
Wazuh fork created |
| 2017 |
3.0 |
Last major OSSEC release |
- Written primarily in C, with Shell and Perl scripts
- Agent-server architecture
- Log analysis and correlation
- File integrity monitoring
- Rootkit detection
- Log analysis
- File integrity checking
- Rootkit detection
- Active response
- Vulnerability detection
- Configuration assessment
¶ Impact and Legacy
OSSEC’s contributions to security:
- Pioneered open-source HIDS: One of the first open-source host-based IDS
- Log analysis: Advanced log correlation capabilities
- Wazuh legacy: Inspired the more modern Wazuh platform
- Education: Helped establish host-based security monitoring practices
- OSSEC: Limited active development (maintenance mode)
- Wazuh: Active development with enterprise support
- Community: Many users migrated to Wazuh
- License: GPL-2.0
| Feature |
OSSEC |
Wazuh |
| First Release |
2006 |
2015 |
| Development |
Limited |
Active |
| Web UI |
No |
Yes |
| API |
Limited |
Full REST API |
| Integration |
Basic |
Elasticsearch, Kibana |
| Support |
Community |
Commercial + Community |