I'm looking for an informed opinion on the advantages of ossec in comparison to snort/tripwire/nessus
Therefore anyone shed any light on what features ossec brings that cant be replicated via tripwire (or iwatch) and snort, perhaps with nessus used also ? Particually in regards to PCI compliance sections 10 and 11.
Moreover, would the snort etc hybrid setup bring any features which are not present in ossec ?
This isn't a fair comparison as not all these products are doing the same thing.
Snort is a Network Intrusion Detection System.
ossec is a host-based network intrusion system as is tripwire and iwatch as they monitor file/filesystem/system integrity for changes and anomalies.
Nessus is Tenable's vulnerability scanner, which scans over the network, authenticating where it can (and has been provided credentials), looking for known vulnerabilities and potential misconfigurations against a large "feed".
I agree with the others that have posted, they have different goals in mind. Since your primary question seems to be about OSSEC I assume you are mostly looking for a centralized manager of sorts. OSSIM and Prelude are other options in that area, although I think OSSIM is a little nicer.
OSSIM ~ Prelude
Snorby is worth looking at in regards to Snort management and reporting.
Snorby
I found this page to be a (although slightly biased) good read as for as file system ID's are concerned.
A comparison of several host/file integrity monitoring programs
As far as I can tell, tripwire watches filesystem changes which OSSEC does as well. But OSSEC watches logs as well and has a long list of rules to identify and notify of abnormal activity. This rules are easy to define, so you can have your own local rules as well.
OSSEC has a central manager where you can control configuration and activity of agents.
OSSEC has rules for snort, so you can chain them together and use OSSEC to filter through snort alerts.
Regarding PCI monitoring, OSSEC can help analyze logs in a automated way.