Ossec is an open source host-based intrusion detection system that performs log analysis, file integrity checking, policy monitoring, rootkit detection and process monitoring.
Customer Reviews
Administrator in Religious Institutions
Advanced user of Ossec
This tool gives us the ability to monitor our point of sale systems for intrusion and log this important data in order to remain in compliance with PCI-DSS standards. The ideal aspects of this tool are that you can easily deploy this to many clients and manage the monitoring for these clients centrally on the server. The best part is this software is free and open source. So all you have to supply is the hardware required to run this virtually.
There isn't a dashboard for this software. There used to be long ago when it was originally developed. Unfortunately there aren't many options for data visualization, so you're relying on email notification and log files on the server to look into potential threats. There was a plug-in for Splunk, but with recent versions of OSSEC it appears that it's no longer supported. Supposedly you can do some visualization with Loki, Prometheus, and Grafana (other open source tools).
As long as you're okay with creating your own dashboard or using the command line to view logging, then it's an excellent product.
The only issue we've had is the lack of a dashboard. Otherwise the product functions as it should. The benefits of the product were simply that it gives us some visibility into potential threats on point of sale machines and makes us compliant.