Skip to content

muse117/auditd-attack

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

attack_map.png

attack_map.png

 
 

auditd-attack.rules

auditd-attack.rules

 
 

base_config.rules

base_config.rules

 
 

layer-2.json

layer-2.json

 
 

Repository files navigation

auditd-attack

A Linux Auditd rule set mapped to MITRE's Attack Framework

Disclaimer

Please ensure you test these rules prior to pushing them into production. This rule set is NOT meant to have all of its rules enabled all at once (although that'd be ideal) it is setup to serve as guidance toward increasing detection/hunting coverage.

WIKI

WIKI

Special Thanks To:

Eric Gershman

iase.disa.mil

cyb3rops

ugurengin

checkraze

auditdBroFramework

@MITREattack

TODO

  • Increase MITRE ATT&CK coverage
  • Test rules across multiple flavors of Linux
  • Determine performance impacts of the ruleset

About

A Linux Auditd rule set mapped to MITRE's Attack Framework

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published