About go-audit is an alternative to the auditd daemon that ships with many distros. After having created an auditd audisp plugin to convert audit logs to json, I became interested in creating a replacement for the existing daemon. Goals: - Safe: Written in a modern language that is type safe and performant - Fast: Never ever ever ever block if we can avoid it - Outputs json: Yay - Pluggable pipelines: Can write to syslog, local file, Graylog2, or stdout. Additional outputs are easily written. Connects to the Linux kernel via netlink. Usage: - Installation: Install golang, version 1.14 or greater is required. Clone the repo, build the binary, and copy the binary go-audit to wherever you'd like. - Testing: Run unit test suite, code coverage results, benchmark test suite, benchmark test suite with CPU profiling, and benchmark test suite with CPU profiling and GC collection. - Running as a service: Check the contrib folder, it contains examples for how to run go-audit as a proper service on.
FEATURES
SIMILAR TOOLS
Webroot Endpoint Protection provides advanced cloud-based protection against malicious files, scripts, exploits, and URLs to keep businesses safe from cyberattacks.
Cisco Secure Endpoint is a cloud-native endpoint security solution that provides advanced protection and response to threats.
GravityZone is a unified endpoint security and analytics platform that provides risk assessment, threat prevention, and incident response capabilities.
Deep Instinct is a predictive prevention platform that uses deep learning to prevent unknown threats, including ransomware and zero-day malware, from infiltrating storage environments, applications, and endpoints.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
A lightweight malware detection and removal tool that provides real-time protection against complex attacks while preserving system resources.
A static analysis framework for extracting key characteristics from various file formats
Event Log Explorer is a software solution for viewing, analyzing, and monitoring events recorded in Microsoft Windows event logs, offering advanced features and efficient filtering capabilities.
Microsoft Defender for Endpoint is a comprehensive endpoint security solution that provides industry-leading, multi-platform detection and response capabilities.