Auditd attack
A Linux Auditd rule set mapped to MITRE's Attack Framework
**auditd attack** is A Linux Auditd rule set mapped to MITRE's Attack Framework The project is distributed under the MIT License license, first published in 2018. Key topics include: attack-detection, auditd, linux, mitre-attack, threat-hunting.
auditd-attack
A Linux Auditd rule set mapped to MITRE's Attack Framework
Disclaimer
Please ensure you test these rules prior to pushing them into production. This rule set is NOT meant to have all of its rules enabled all at once (although that'd be ideal) it is setup to serve as guidance toward increasing detection/hunting coverage.
WIKI
Special Thanks To:
TODO
- Increase MITRE ATT&CK coverage
- Test rules across multiple flavors of Linux
- Determine performance impacts of the ruleset
Contributors
Showing top 1 contributor by commit count.
Related Repositories
stamparm/maltrail
Malicious traffic detection system
antonioribeiro/firewall
Firewall package for Laravel applications
duggytuxy/Data-Shield_IPv4_Blocklist
Data-Shield IPv4 Blocklist Community provides an official, curated registry of IPv4 addresses identified as malicious. Updated continuously, this resource offers vital threat intelligence to bolster your Firewall and WAF instances,...
talsec/Free-RASP-Community
SDK providing threat detection & security monitoring for mobile devices. Works with Flutter, React Native, Android and iOS. Shield your app with free RASP. Detect reverse engineering, root (Magisk), jailbreak, Frida, emulators, bots, tampering and integrity issues, obfuscation, VPN usage, malware, and monitor device identification and fingerprint.
Elemental-attack/Elemental
Elemental - An ATT&CK Threat Library
DefensiveOrigins/AtomicPurpleTeam
Atomic Purple Team Framework and Lifecycle