Auditd Configuration Best Practices

0 (0)

The idea of this auditd configuration is to provide a basic configuration that works out-of-the-box on all major Linux distributions, fits most use cases, produces a reasonable amount of log data, covers security-relevant activity, and is easy to read with different sections and many comments. Sources: Gov.uk auditd rules, alphagov/puppet-auditd#1, CentOS 7 hardening, Linux audit repo, Auditd high-performance Linux auditing. Further rules for PCI DSS compliance and NISPOM compliance are available.

Security Operations

Free

linux security audit configuration pci-dss

ALTERNATIVES

Shuffle Automation

0 (0)

An automation platform with community support and documentation for easy development.

Security Operations

Free

automation cloud

INCIDENTS

0 (0)

Web-based tool for incident response with easy local installation using Docker.

Security Operations

Free

soc incident-response security-incident-response incident-analysis

Windows Commands Abused by Attackers

0 (0)

Malware allows attackers to execute Windows commands from a remote environment

Security Operations

Free

appsec malware security-tool remote-access windows-security appsec-tool

sysmon-modular

0 (0)

A Sysmon configuration repository for customizing Microsoft Sysinternals Sysmon configurations with modular setup.

Security Operations

Free

repository sysmon sysinternals configuration

Crowdstrike Charlotte AI

0 (0)

CrowdStrike Charlotte AI is a conversational AI assistant that accelerates security operations by automating tasks and providing faster intelligence through generative AI capabilities.

Security Operations

Commercial

automation security-operations workflow-automation integration ai machine-learning

CIRTKit

0 (0)

A DFIR console integrating various cybersecurity tools and frameworks for efficient incident response.

Security Operations

Free

automation dfir digital-forensics javascript memory-analysis incident-response volatility packet-analysis deobfuscation scripting