ODIN Security Log based on CentOS 7, Wazuh and ELK
ODIN Security Log Server is a product built on Open Source components. It consists of an installation bundle based on CentOS 7 with the integrated Wazuh (http://www.wazuh.com) HIDS system for intrusion detection and automatic log analysis. It also features a powerful log analysis tool, ELK, which is short for Elasticsearch, Logstash, Kibana (http://www.elastic.co). ELK provides search and filter functions as well as a highly customizable web-based graphical user interface for viewing logs, statistics, traffic profiles, etc.
ODIN also has an option that integrates the Snort NIDS engine into ODIN, with simple tools developed by Enguild for management, supervision and rule installation. Due to licensing issues, no rules are bundled, so it is up to the end customer to obtain a license for an applicable ruleset.
ODIN uses SELinux role-based access to distinguish between predefined roles for management and log analysis, and separates access to resources based on very strict SELinux policies. ODIN also supports smartcard login based on PKCS#11.
The third-party tools are integrated with custom-made components in the ODIN concept, which together constitute a powerful and easily managed log analysis and intrusion detection platform that meets the highest security requirements, such as those for military/government use.
ODIN is a complete installation that includes a custom installation of the operating system, the applications and all security configurations. It integrates out of the box with all syslog-compliant units as well as Windows-based systems using custom-built agents. This means that it is compatible with all Linux/Unix-based systems, most network equipment and Windows systems. In the event that you have a platform that is not supported, the custom agents can probably be adapted to support that platform as well.
When the automatic analysis identifies potential threats using the rules configured in Wazuh, a security alarm is issued. This alarm is visible on the user's desktop, but it is also possible to signal an external alarm using a USB relay if your ODIN Security Log is connected via a unidirectional link, or using standard email or SNMP traps if your log server is connected via a bidirectional standard Ethernet connection.
Since ODIN Security Log is based on several different licenses, all of these apply to customer use of ODIN Security Log. See the License page for more information.
Supported Operating Systems
NOTE: Logs from all syslog-compatible units are supported. The list below concerns the client applications for encryption, supervision and integrity checks.
Support for other platforms or versions is easily implemented upon request.