Facing confusion on OSSEC and Wazuh #11507

rohan0017 · 2023-10-11T04:53:52Z

rohan0017
Oct 11, 2023

Q1] On security onion Alerts page I am seeing alerts from OSSEC module, I know that wazuh is a fork of OSSEC. But I have never seen alerts from wazuh module(as it is also a part of Security onion).

Q2] Why both Wazuh and OSSEC are there in Security onion, is it because Wazuh has more good features than OSSEC.

Can we change the event.module name from ossec to wazuh?

Can anyone help me understand whether there is any type of connection between both, or they are individual components.

Answered by dougburks

Oct 13, 2023

Q1] On security onion Alerts page I am seeing alerts from OSSEC module, I know that wazuh is a fork of OSSEC. But I have never seen alerts from wazuh module(as it is also a part of Security onion).

Wazuh is a fork of OSSEC but it still uses the OSSEC name in many places.

Q2] Why both Wazuh and OSSEC are there in Security onion, is it because Wazuh has more good features than OSSEC.

It's not that we include both Wazuh and OSSEC, we only include Wazuh but it still uses the OSSEC name in many places.

Please note that we no longer include Wazuh (or OSSEC) as of Security Onion 2.4. We've announced the End Of Life date for Security Onion 2.3 (which includes Wazuh/OSSEC support), so you shou…

View full answer

dougburks · 2023-10-13T10:49:39Z

dougburks
Oct 13, 2023
Maintainer

Q1] On security onion Alerts page I am seeing alerts from OSSEC module, I know that wazuh is a fork of OSSEC. But I have never seen alerts from wazuh module(as it is also a part of Security onion).

Wazuh is a fork of OSSEC but it still uses the OSSEC name in many places.

Q2] Why both Wazuh and OSSEC are there in Security onion, is it because Wazuh has more good features than OSSEC.

It's not that we include both Wazuh and OSSEC, we only include Wazuh but it still uses the OSSEC name in many places.

Please note that we no longer include Wazuh (or OSSEC) as of Security Onion 2.4. We've announced the End Of Life date for Security Onion 2.3 (which includes Wazuh/OSSEC support), so you should start making plans to migrate to 2.4 now:
https://blog.securityonion.net/2023/10/6-month-eol-notice-for-security-onion-23.html

4 replies

rohan0017 Oct 13, 2023
Author

Is it possible to change the event.module name from ossec to wazuh(just curious)? If not why not.

rohan0017 Oct 13, 2023
Author

Yes I am planning to migrate to Security Onion 2.4. Can I know what happens to Security Onion 2.3 after it reaches EOL.

dougburks Oct 13, 2023
Maintainer

Is it possible to change the event.module name from ossec to wazuh(just curious)? If not why not.

You might be able to make this work, but it's not something that we recommend or support.

Yes I am planning to migrate to Security Onion 2.4. Can I know what happens to Security Onion 2.3 after it reaches EOL.

Once Security Onion 2.3 reaches EOL, it will no longer be maintained or supported.

rohan0017 Oct 16, 2023
Author

Thank you very much for the answers.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Facing confusion on OSSEC and Wazuh #11507

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment 4 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Facing confusion on OSSEC and Wazuh #11507

Uh oh!

Uh oh!

rohan0017 Oct 11, 2023

Replies: 1 comment · 4 replies

Uh oh!

dougburks Oct 13, 2023 Maintainer

Uh oh!

rohan0017 Oct 13, 2023 Author

Uh oh!

rohan0017 Oct 13, 2023 Author

Uh oh!

dougburks Oct 13, 2023 Maintainer

Uh oh!

rohan0017 Oct 16, 2023 Author

rohan0017
Oct 11, 2023

Replies: 1 comment 4 replies

dougburks
Oct 13, 2023
Maintainer

rohan0017 Oct 13, 2023
Author

rohan0017 Oct 13, 2023
Author

dougburks Oct 13, 2023
Maintainer

rohan0017 Oct 16, 2023
Author