Open Source Security Information Management by AlienVault (now AT&T Cybersecurity). It acts as a SIEM (Security Information and Event Management) platform that:
Detecting unauthorized changes to critical system files. Rootkit Detection: Identifying hidden malicious software. OSSEC & OSSIM Unified Open Source Security
Collects events from OSSEC agents and other network tools (like Snort or OpenVAS). OSSEC & OSSIM Unified Open Source Security
Connects seemingly unrelated events from different sources to identify complex attack patterns. OSSEC & OSSIM Unified Open Source Security
Scrutinizing system and application logs for suspicious patterns.