Auditd Configuration Best Practices
The idea of this auditd configuration is to provide a basic configuration that works out-of-the-box on all major Linux distributions, fits most use cases, produces a reasonable amount of log data, covers security-relevant activity, and is easy to read with different sections and many comments. Sources: Gov.uk auditd rules, alphagov/puppet-auditd#1, CentOS 7 hardening, Linux audit repo, Auditd high-performance Linux auditing. Further rules for PCI DSS compliance and NISPOM compliance are available.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
A community repository of workflow templates for the Ayehu NG platform that enables automated IT and business process execution.
Open-source security automation platform for automating security alerts and building AI-assisted workflows.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.