D7 · Tools

What is OSSEC?

OSSEC (and its fork Wazuh) is an open-source host-based intrusion detection system (HIDS) providing log analysis, file integrity monitoring (FIM), rootkit detection, active response, and compliance reporting. It is widely used in SOC environments.
Wazuh extends OSSEC with vulnerability management, cloud security monitoring, and Elastic Stack integration. Both are free. Wazuh has become the more actively maintained of the two. Use them for endpoints that commercial EDR can't cover (old Linux servers, network devices).