Implement file access monitoring #23

mike-myers-tob · 2020-02-26T01:09:02Z

This should be scoped appropriately to avoid performance overhead. The goals are integrity monitoring (example: nobody should be altering this specific security policy configuration file), and access auditing / lightweight Data Loss Prevention (for examples: assume there's a file with stored AWS credentials, watch to make sure nobody is looking at it that shouldn't be).

mike-myers-tob added enhancement New feature or request detections Related to sensors and/or detection capabilities blocking Related to blocking logic and rules syntax labels Feb 26, 2020

mike-myers-tob mentioned this issue Feb 26, 2020

Implement detection of filesystem anti-forensics #34

Closed

mike-myers-tob added this to the Version 2.0 milestone Feb 26, 2020

mike-myers-tob mentioned this issue Mar 27, 2020

Invalidate cached approvals in reaction to on-disk changes #42

Open

alessandrogario added the icebox label Jun 8, 2020

alessandrogario closed this as completed Jun 8, 2020

mike-myers-tob mentioned this issue Aug 12, 2020

Implement file integrity monitoring #90

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement file access monitoring #23

Implement file access monitoring #23

mike-myers-tob commented Feb 26, 2020

Implement file access monitoring #23

Implement file access monitoring #23

Comments

mike-myers-tob commented Feb 26, 2020