Auditd Configuration Best Practices

The aim of this auditd configuration is to provide a base ruleset that works out of the box on all major Linux distributions, fits most use cases, produces a reasonable volume of log data, covers security-relevant activity, and is easy to read thanks to its separate sections and extensive comments. Sources: Gov.uk auditd rules, alphagov/puppet-auditd#1, CentOS 7 hardening, Linux audit repo, Auditd high-performance Linux auditing. Further rules for PCI DSS compliance and NISPOM compliance are available.

ALTERNATIVES

A GraphQL security testing tool

DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts.

A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.

Templates for incident response run-books tailored for AWS environments based on NIST guidelines.

TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.

Incident Response Documentation tool for tracking findings and tasks.

A System for Abuse- and Incident Handling with log file analysis capabilities.

Automate security incident handling and facilitate real-time activities of incident handlers.