Auditd Configuration Best Practices

This auditd configuration aims to provide a basic rule set that works out of the box on all major Linux distributions, fits most use cases, produces a reasonable amount of log data, covers security-relevant activity, and is easy to read because it is split into sections with many comments. Sources: Gov.uk auditd rules, alphagov/puppet-auditd#1, CentOS 7 hardening, Linux audit repo, Auditd high-performance Linux auditing. Further rule sets for PCI DSS compliance and NISPOM compliance are available.
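As an added illustration (not code from the rule set described here), the Python script below lints an audit rules file for a few mistakes that make such a configuration less useful in practice: watches or syscall rules without a -k key (so ausearch -k cannot find their events), syscall rules without an explicit -F arch=, duplicate rules, rules placed after the -e 2 lock (which are never loaded), and a file that is never locked. The embedded SAMPLE_RULES text is a constructed example in the sectioned, commented style the description refers to; it is not the project's rule file, and its rule choices are illustrative.

```python
"""Lint an auditd rules file (the augenrules / auditctl -R format) before loading it.

Added example for this page; it is not part of the rule set described above.
"""
from __future__ import annotations

import shlex
import sys

# Constructed sample in the sectioned, commented style the description refers to.
# It is illustrative only and is NOT the project's own rule file.
SAMPLE_RULES = """\
## Remove any existing rules
-D

## Buffer size (raise on busy hosts so events are not dropped)
-b 8192

## Failure mode: 0 = silent, 1 = printk, 2 = panic
-f 1

## Ignore errors, e.g. from rules for an architecture the host lacks
-i

## Identity files
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k actions

## Process execution (both syscall ABIs so 32-bit binaries are not missed)
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec

## Lock the configuration; changing rules then needs a reboot
-e 2
"""


def lint_rules(text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: list[str] = []
    seen: set[str] = set()
    locked = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        args = shlex.split(line)
        if locked:
            # once -e 2 has been processed the kernel rejects further rule changes
            findings.append(f"line {lineno}: rule after '-e 2' is never loaded")
        if line in seen:
            findings.append(f"line {lineno}: duplicate rule")
        seen.add(line)
        if args[0] in ("-w", "-a"):
            # a key can be given as "-k name" or as "-F key=name"
            has_key = "-k" in args or any(a.startswith("key=") for a in args)
            if not has_key:
                findings.append(f"line {lineno}: no -k key, so 'ausearch -k' cannot find its events")
        if args[0] == "-a" and "-S" in args and not any(a.startswith("arch=") for a in args):
            findings.append(f"line {lineno}: syscall rule without -F arch=; add b64 and b32 variants")
        if args[:2] == ["-e", "2"]:
            locked = True
    if not locked:
        findings.append("end of file: rules are not locked with '-e 2'")
    return findings


if __name__ == "__main__":
    # Usage: python lint_audit_rules.py [/etc/audit/rules.d/audit.rules]
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    problems = lint_rules(source)
    for problem in problems:
        print(problem)
    sys.exit(1 if problems else 0)
```

A clean lint is a sanity check, not a guarantee: the rules still have to be loaded with augenrules --load (or auditctl -R) on the target host, and auditctl -l shows what the kernel actually accepted.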

ALTERNATIVES

A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.

Darktrace is a cyber security solution that uses AI to detect and prevent cyber attacks in real-time.

TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.

CBRX is a cloud-based platform that automates incident analysis and reporting for cybersecurity teams.

Modular SOAR implementation in Python for security orchestration, automation, and response.

Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.

An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.

A Sysmon configuration file template with detailed explanations and tutorial-like features.