Educause Security Discussion mailing list archives

OSSEC Tripwire HIDS experiences


From: Jeff Moore <mail () JEFFMOORE COM>
Date: Fri, 20 Apr 2012 10:06:07 -0700

Hi there folks!

    Just wanted to check with you all and see if any of you are doing
server or client side HIDS. We are slowly deploying OSSEC. I was always a
big Tripwire fan and have been really impressed with OSSEC and how much it
has expanded. The LIDS piece as well as the active blocking (we aren't bold
enough to do this yet on servers...) really turns this into a great tool.
    Of course my opinion of the tool is based on past Tripwire exposure and
on limited test implementations of OSSEC. I have not run it for an extended
period of time on a large group of servers/clients. Because of this I would
just like to see what people's experiences have been with this tool or other
similar tools.
    We really appreciate all your opinions and any information you can give
us. The more the better.

    Side note. On our clients several years ago we went from Trend to
Sophos, which basically removed the HIDS and other tools that Trend
had built into their agent. The funny thing was when we called Sophos to
ask if they had any active blocking tools built into their AV client (like
Trend) they simply said "Wow that would be a really good feature!". So we
have been lacking on client side HIDS etc.

Thanks for any experience you can share!!!!

-- 
Jeff Moore
Desk (503) 877-4707
Cell (503) 910-0756
Mail () JeffMoore com

