This auditd configuration is intended as a baseline rule set that works out of the box on all major Linux distributions, fits most use cases, produces a manageable volume of log data, covers security-relevant activity, and stays readable through distinct sections and extensive comments. Sources: Gov.uk auditd rules, alphagov/puppet-auditd#1, CentOS 7 hardening, Linux audit repo, Auditd high-performance Linux auditing. Additional rule sets for PCI DSS compliance and NISPOM compliance are available.
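The following is an added illustration of the layout the description refers to (sectioned, commented, key-tagged rules with noise reduction up front); it is a constructed fragment in standard auditctl rule syntax, not a copy of the project's own rules file. The `chrony` user in the noise-reduction rule is an assumption about the host; `-i` makes auditctl ignore rules that reference users or paths that do not exist on a given distribution.

```conf
## ---- Base configuration -------------------------------------------
## Flush all existing rules before loading this set
-D
## Enlarge the kernel backlog so bursts of events are not dropped
-b 8192
## On failure: 0=silent, 1=printk, 2=panic
-f 1
## Ignore errors for rules that cannot apply on this host (e.g. missing paths)
-i

## ---- Noise reduction ----------------------------------------------
## Drop time adjustments made by the chrony daemon (constructed example;
## assumes a local user named "chrony", skipped via -i where absent)
-a never,exit -F arch=b64 -S adjtimex -F auid=-1 -F uid=chrony

## ---- Identity and authorization -----------------------------------
-w /etc/passwd -p wa -k identity
-w /etc/group -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k actions
-w /etc/sudoers.d/ -p wa -k actions

## ---- Privilege escalation -----------------------------------------
## Execution where the effective uid becomes root but the real uid differs
-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid
-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid

## ---- Kernel modules -----------------------------------------------
-w /sbin/insmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -k modules

## ---- Audit subsystem self-protection -------------------------------
-w /etc/audit/ -p wa -k auditconfig
-w /var/log/audit/ -p wa -k auditlog

## ---- Lock the configuration ---------------------------------------
## 2 = immutable until reboot; must be the last rule in the file
-e 2
```

Place the file under `/etc/audit/rules.d/` and load it with `augenrules --load` (or `auditctl -R <file>` for a one-off test), then confirm the active set with `auditctl -l`. Because `-e 2` makes the rules immutable, load the file without that line while iterating and add it back once the set is final. Events are retrieved by key, for example `ausearch -k identity` or `ausearch -k setuid`, which is why every rule above carries a `-k` tag.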
SIMILAR TOOLS
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.