Skip to content

secureonelabs/bosss-xdr

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39,631 Commits
.github
.github
 
 
apis
apis
 
 
architecture
architecture
 
 
docker
docker
 
 
docs
docs
 
 
etc
etc
 
 
extensions
extensions
 
 
framework
framework
 
 
integrations
integrations
 
 
packages
packages
 
 
ruleset
ruleset
 
 
src
src
 
 
tests/integration
tests/integration
 
 
tools
tools
 
 
.clang-format
.clang-format
 
 
.clang-tidy
.clang-tidy
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.ruff.toml
.ruff.toml
 
 
ATTRIBUTION.md
ATTRIBUTION.md
 
 
BUGS
BUGS
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONFIG
CONFIG
 
 
CONTRIBUTORS
CONTRIBUTORS
 
 
INSTALL
INSTALL
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
VERSION.json
VERSION.json
 
 
gen_ossec.sh
gen_ossec.sh
 
 
install.sh
install.sh
 
 
logo.png
logo.png
 
 
upgrade.sh
upgrade.sh
 
 

Repository files navigation

BOSSS XDR

BOSSS XDR

Based on Wazuh, an open source security platform.

BOSSS XDR is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.

The BOSSS XDR solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. It integrates with OpenSearch, providing a search engine and data visualization tool that allows users to navigate through their security alerts.

Capabilities

A brief presentation of some of the more common use cases of the BOSSS XDR solution.

Intrusion detection

BOSSS XDR agents scan the monitored systems looking for malware, rootkits and suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.

In addition to agent capabilities, the server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

Log data analysis

BOSSS XDR agents read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage. When no agent is deployed, the server can also receive data via syslog from network devices or applications.

The rules help make you aware of application or system errors, misconfigurations, attempted and/or successful malicious activities, policy violations and a variety of other security and operational issues.

File integrity monitoring

BOSSS XDR monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on. In addition, it natively identifies users and applications used to create or modify files.

File integrity monitoring capabilities can be used in combination with threat intelligence to identify threats or compromised hosts. In addition, several regulatory compliance standards, such as PCI DSS, require it.

Vulnerability detection

BOSSS XDR agents pull software inventory data and send this information to the server, where it is correlated with continuously updated CVE (Common Vulnerabilities and Exposure) databases, in order to identify well-known vulnerable software.

Automated vulnerability assessment helps you find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal confidential data.

Configuration assessment

BOSSS XDR monitors system and application configuration settings to ensure they are compliant with your security policies, standards and/or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.

Incident response

BOSSS XDR provides out-of-the-box active responses to perform various countermeasures to address active threats, such as blocking access to a system from the threat source when certain criteria are met.

Regulatory compliance

BOSSS XDR provides some of the necessary security controls to become compliant with industry standards and regulations. These features, combined with its scalability and multi-platform support help organizations meet technical compliance requirements.

Cloud security

BOSSS XDR helps monitoring cloud infrastructure at an API level, using integration modules that are able to pull security data from well known cloud providers, such as Amazon AWS, Azure or Google Cloud.

In addition, BOSSS XDR provides rules to assess the configuration of your cloud environment, easily spotting weaknesses.

Containers security

BOSSS XDR provides security visibility into your Docker hosts and containers, monitoring their behavior and detecting threats, vulnerabilities and anomalies. The agent has native integration with the Docker engine allowing users to monitor images, volumes, network settings, and running containers.

Documentation

Security

If you discover a security vulnerability, please send an email to security@secureonelabs.com. Please do not open a public issue.

License

This project is licensed under the GNU General Public License v2.0.

Attribution

This project is based on Wazuh, which is licensed under GPLv2. See ATTRIBUTION.md for details.

Copyright (C) 2015, Wazuh Inc. Copyright (C) 2024, SecureOneLabs

About

Wazuh - The Open Source Security Platform

wazuh.com/

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

69 tags

Packages

 
 
 

Contributors

Languages

  • C++ 64.5%
  • Python 31.7%
  • Shell 1.4%
  • CMake 0.9%
  • Makefile 0.6%
  • Gherkin 0.4%
  • Other 0.5%