bfuzzy/auditd-attack
A Linux Auditd rule set mapped to MITRE’s Attack Framework
| repo name | bfuzzy/auditd-attack |
| repo link | https://github.com/bfuzzy/auditd-attack |
| homepage | |
| language | |
| size (curr.) | 2114 kB |
| stars (curr.) | 512 |
| created | 2018-07-27 |
| license | MIT License |
auditd-attack
A Linux Auditd rule set mapped to MITRE’s Attack Framework
Disclaimer
Please ensure you test these rules prior to pushing them into production. This rule set is NOT meant to have all of its rules enabled all at once (although that’d be ideal) it is setup to serve as guidance toward increasing detection/hunting coverage.
WIKI
Special Thanks To:
TODO
- Increase MITRE ATT&CK coverage
- Test rules across multiple flavors of Linux
- Determine performance impacts of the ruleset
