jameschen79/auditd-attack
auditd-attack

A Linux Auditd rule set mapped to MITRE's Attack Framework

Disclaimer

Please ensure you test these rules before pushing them into production. Events related to sudo and to file creation / deletion can be fairly noisy during day-to-day operations. They are needed for detection and hunting, but I recommend disabling them if you are not prepared to handle a large volume of events.
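As an added example (not code from the auditd-attack repository), the following POSIX shell script shows one way to act on that advice: list the `-k` keys in a rules file, stage a copy with the noisy sudo and file-change rule groups removed, and write it to a file that `auditctl -R` can load for testing. The sample rule lines and the key names in `NOISY_KEYS` are constructed for illustration and are not the keys used by this project.

```shell
#!/bin/sh
# Added example, not part of the auditd-attack repository.
# Stages a copy of an auditd rules file with the noisy rule groups removed
# (here: sudo and file creation / deletion, selected by their -k key) so the
# rest of the rule set can be loaded and tested before going to production.
# The sample rules and key names below are constructed for illustration;
# replace NOISY_KEYS with the keys actually used in your rules file.

# -k keys of the rule groups the README disclaimer calls noisy (assumed names).
NOISY_KEYS="sudo_usage file_creation file_deletion"

# list_keys RULES_FILE
# Prints the distinct -k keys in a rules file, one per line, so you can
# decide which groups to stage out.
list_keys() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "-k") print $(i + 1) }' "$1" | sort -u
}

# filter_noisy_rules RULES_FILE
# Prints every line of the rules file except rules whose -k key is in
# NOISY_KEYS. Comments and control lines (-D, -b, -f, ...) carry no key and
# pass through unchanged.
filter_noisy_rules() {
    awk -v noisy="$NOISY_KEYS" '
        BEGIN { n = split(noisy, k, " "); for (i = 1; i <= n; i++) drop[k[i]] = 1 }
        {
            key = ""
            for (i = 1; i < NF; i++) if ($i == "-k") key = $(i + 1)
            if (key == "" || !(key in drop)) print
        }' "$1"
}

# Constructed sample rules file (standard auditctl syntax, made-up keys).
SAMPLE=$(mktemp)
STAGED=$(mktemp)
trap 'rm -f "$SAMPLE" "$STAGED"' EXIT
cat > "$SAMPLE" <<'EOF'
## constructed sample, not the project's rule set
-D
-b 8192
-f 1
-w /etc/passwd -p wa -k account_modification
-w /etc/sudoers -p wa -k sudo_usage
-a always,exit -F arch=b64 -S execve -F euid=0 -F auid>=1000 -F auid!=4294967295 -k sudo_usage
-a always,exit -F arch=b64 -S open,openat -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access_denied
-a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=4294967295 -k file_deletion
-w /etc/ld.so.preload -p wa -k process_injection
EOF

# Stage the quieter rule set into a file that "auditctl -R" can load.
filter_noisy_rules "$SAMPLE" > "$STAGED"
echo "keys in sample:"; list_keys "$SAMPLE"
echo "staged rules:";   cat "$STAGED"
```

On a host running auditd, load the staged file with `auditctl -R staged.rules`, confirm the active set with `auditctl -l`, and after a representative period compare per-key event counts with `aureport -k --summary`. If the remaining volume is manageable, reintroduce the sudo and file rules one key at a time and re-measure.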

Special Thanks To:

Eric Gershman

iase.disa.mil

cyb3rops

ugurengin

checkraze

auditdBroFramework
