GitHub - bfuzzy/auditd-attack: A Linux Auditd rule set mapped to MITRE's...

 5 years ago
source link: https://github.com/bfuzzy/auditd-attack

README.md

auditd-attack

A Linux Auditd rule set mapped to MITRE's Attack Framework

Disclaimer

Please test these rules before pushing them into production. Events related to sudo and to file creation / deletion can be fairly noisy during day-to-day operations; they are needed for detection and hunting purposes, but I recommend disabling them if you're not prepared to handle a large volume of events.
