go-audit
About go-audit is an alternative to the auditd daemon that ships with many distros. After having created an auditd audisp plugin to convert audit logs to json, I became interested in creating a replacement for the existing daemon. Goals: - Safe: Written in a modern language that is type safe and performant - Fast: Never ever ever ever block if we can avoid it - Outputs json: Yay - Pluggable pipelines: Can write to syslog, local file, Graylog2, or stdout. Additional outputs are easily written. Connects to the Linux kernel via netlink. Usage: - Installation: Install golang, version 1.14 or greater is required. Clone the repo, build the binary, and copy the binary go-audit to wherever you'd like. - Testing: Run unit test suite, code coverage results, benchmark test suite, benchmark test suite with CPU profiling, and benchmark test suite with CPU profiling and GC collection. - Running as a service: Check the contrib folder, it contains examples for how to run go-audit as a proper service on.
FEATURES
ALTERNATIVES
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.
Deep Instinct is a predictive prevention platform that uses deep learning to prevent unknown threats, including ransomware and zero-day malware, from infiltrating storage environments, applications, and endpoints.
CrowdStrike Falcon Insight XDR is an AI-powered endpoint detection and response solution that provides comprehensive protection, visibility, and automated response capabilities.
MetaDefender Cloud offers advanced threat prevention using technologies like Multiscanning, Deep CDR, and Sandbox.
Toolkit for building custom minimal, immutable Linux distributions with secure defaults.
Monitor WMI consumers and processes for potential malicious activity
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.