A Linux Auditd rule set mapped to MITRE's Attack Framework
Updated Oct 10, 2023
Proof-of-Concept to evade auditd by writing /proc/PID/mem
Ansible role to install auditbeat for security monitoring. (Ruleset included)
Proof-of-Concept to evade auditd by tampering via ptrace
It includes all the configurations of the Elastic stack, and especially for Auditd. These fundamental configurations will help get the Elastic stack up and running.
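The first entry above describes an auditd rule set whose keys are mapped to MITRE ATT&CK techniques. The block below is an added example written for this page, not the rule set from that repository or any other project listed here. It assumes one convention: each rule's `-k` key ends in `_<TechniqueID>` (for example `creds_T1003.008`), so the technique can be recovered from the `key="..."` field of a SYSCALL record without a separate lookup table. The three rules, the audit.log excerpt and the technique IDs are constructed for illustration; the rules use only standard auditctl syntax.

```shell
#!/bin/sh
# Added example: three auditd rules tagged with ATT&CK technique IDs in their
# -k keys, plus a mapper that turns audit.log lines into technique hits.
# Key convention (assumption for this example): <short_name>_<TechniqueID>.

AUDIT_RULES='-w /etc/shadow -p wa -k creds_T1003.008
-a always,exit -F arch=b64 -S ptrace -F a0=0x4 -k ptrace_poketext_T1055.008
-a always,exit -F arch=b64 -S execve -C euid!=uid -F euid=0 -k setuid_root_T1548.001'
# Rule 1: reads/writes of /etc/shadow (T1003.008, /etc/passwd and /etc/shadow).
# Rule 2: ptrace(PTRACE_POKETEXT=4, ...) on x86_64 (T1055.008, Ptrace System Calls).
# Rule 3: execve where euid became 0 but uid did not (T1548.001, Setuid and Setgid).

# Write the rules to the file given as $1. On a real host that would be
# /etc/audit/rules.d/attack.rules, loaded with `augenrules --load`.
write_rules() {
    printf '%s\n' "$AUDIT_RULES" > "$1"
}

# Print the ATT&CK technique ID carried by an audit key, or nothing if absent.
technique_for_key() {
    printf '%s\n' "$1" | sed -n 's/.*_\(T[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\)$/\1/p'
}

# Print the technique ID for one audit.log line, or NONE if the line has no
# key="..." field (CWD/PATH records, or rules without a tagged key).
technique_for_line() {
    key=$(printf '%s\n' "$1" | sed -n 's/.*key="\([^"]*\)".*/\1/p')
    [ -n "$key" ] || { echo NONE; return 0; }
    t=$(technique_for_key "$key")
    [ -n "$t" ] && echo "$t" || echo NONE
}

# Constructed audit.log excerpt (not captured from a real system).
SAMPLE_LOG='type=SYSCALL msg=audit(1696900000.101:11): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=0 comm="passwd" key="setuid_root_T1548.001"
type=SYSCALL msg=audit(1696900000.202:12): arch=c000003e syscall=101 success=yes exit=0 a0=4 uid=1000 euid=1000 comm="gdb" key="ptrace_poketext_T1055.008"
type=SYSCALL msg=audit(1696900000.303:13): arch=c000003e syscall=257 success=yes exit=3 uid=1000 euid=0 comm="cat" key="creds_T1003.008"
type=SYSCALL msg=audit(1696900000.404:14): arch=c000003e syscall=59 success=yes exit=0 uid=1000 euid=0 comm="sudo" key="setuid_root_T1548.001"
type=CWD msg=audit(1696900000.404:14): cwd="/root"'

# Count how many SAMPLE_LOG records map to the technique given as $1.
count_technique() {
    printf '%s\n' "$SAMPLE_LOG" | while IFS= read -r line; do
        technique_for_line "$line"
    done | grep -c "^$1\$" || true
}

# Stand-alone run: print a per-technique summary of the sample log.
for t in T1003.008 T1055.008 T1548.001; do
    printf '%s %s\n' "$t" "$(count_technique "$t")"
done
```

Loading the rules on a real host is `auditctl -R attack.rules` for a one-off test or `augenrules --load` for the persistent `rules.d` layout; the mapper only needs the `key="..."` field, so it works unchanged on `ausearch -k` output. Keep in mind that two other entries on this page are proofs of concept for evading auditd (writing `/proc/PID/mem`, tampering via ptrace), which is why rule 2 watches ptrace writes: a ruleset mapped to ATT&CK is only as good as the events it still receives.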