go-audit
About go-audit is an alternative to the auditd daemon that ships with many distros. After having created an auditd audisp plugin to convert audit logs to json, I became interested in creating a replacement for the existing daemon. Goals: - Safe: Written in a modern language that is type safe and performant - Fast: Never ever ever ever block if we can avoid it - Outputs json: Yay - Pluggable pipelines: Can write to syslog, local file, Graylog2, or stdout. Additional outputs are easily written. Connects to the Linux kernel via netlink. Usage: - Installation: Install golang, version 1.14 or greater is required. Clone the repo, build the binary, and copy the binary go-audit to wherever you'd like. - Testing: Run unit test suite, code coverage results, benchmark test suite, benchmark test suite with CPU profiling, and benchmark test suite with CPU profiling and GC collection. - Running as a service: Check the contrib folder, it contains examples for how to run go-audit as a proper service on.
FEATURES
SIMILAR TOOLS
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
Kunai is a Linux-based system monitoring tool that provides real-time monitoring and threat hunting capabilities.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
A comprehensive utility that shows what programs are configured to run during system bootup or login, and when you start various built-in Windows applications.
A free, fast, and flexible multi-platform IOC and YARA scanner for Windows, Linux, and macOS.
Heimdal Enterprise provides a unified cybersecurity platform with advanced network and endpoint security solutions, including threat hunting and privileged access management.
AhnLab PLUS is a unified security platform providing comprehensive cybersecurity solutions for businesses.
A lightweight malware detection and removal tool that provides real-time protection against complex attacks while preserving system resources.
CrowdStrike Falcon is a unified cybersecurity platform providing complete protection through its AI-native XDR platform.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.