x0Bloot / auditd-attack Public

forked from lnxg33k/auditd-attack

Notifications You must be signed in to change notification settings
Fork 0
Star 0

A Linux Auditd rule set mapped to MITRE's Attack Framework

0 stars 7 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
auditd-attack		auditd-attack
README.md		README.md

Repository files navigation

auditd-attack

A Linux Auditd rule set mapped to MITRE's Attack Framework

Disclaimer

Please ensure you test these rules prior to pushing them into production. This rule set is NOT meant to have all of its rules enabled all at once (although that'd be ideal) it is setup to serve as guidance toward increasing detection/hunting coverage.

WIKI

Special Thanks To:

auditdBroFramework

TODO

Increase MITRE ATT&CK coverage

About

A Linux Auditd rule set mapped to MITRE's Attack Framework

Report repository

Releases

No releases published

Packages

No packages published