Tetragon: best practices and the finer points of developing a Tracing Policy. Hi! My name is Vitaly Shishkin, I am a product expert at Contain...
#tetragon #linux #cloud #native #информационная #безопасность #аудит #безопасности #kubernetes #auditd #kprobes
EDR on Linux are mostly useless (it's a Windows market) and a black box, anyway. Do it better, with #laurel for logevent transformation and enrichment on the host. #velociraptor is not just for response capabilities. It also gives you further enrichment of […]
[Original post on social.linux.pizza]
Detecting SSH tunnels on Linux hosts. Hi, Habr! This is Anton Grishchenko, head of L1 SOC, and Nazar Kornienk...
#linux #auditd #ssh #Port #Forwarding #SSHD #Sigma #Rule
A script that watches you: automatic auditing of user actions in Linux. Hi, Habr! In this article I want to ...
#auditd #linux #безопасность #логирование #алерты
2/
On this particular host, such an event is logged by #auditd (output edited for brevity):
```
type=SYSCALL syscall=257 success=no exit=-13 comm="psql" exe="/usr/bin/perl" SYSCALL=openat
```
As you can see, this read attempt failed. Actually, that's the reason it got logged.
#psql, at least version 15.12, really likes the `/etc/shadow` file. To such a degree that it tries to read it upon each invocation:
```
$ strace psql 2>&1 | grep /etc/shadow
openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
```
#auditd #bwrap #alerting #linux
1/
I have just published version 0.7.2 of Laurel, the #Linux #auditd post-processing plugin. Enjoy useful, enriched, JSON-formatted audit logs suitable for threat detection in modern #SIEM setups. Laurel is written in #Rust.
github.com/threathunter...
lazyjournal: a lazy interface for searching and analyzing lo...
habr.com/ru/articles/899750/
#сезон #open #source #golang #tui #journalctl #journald #auditd #docker #логи #мониторинг
I have just released version 0.7.0 of Laurel, the #Linux #auditd post-processing plugin. Enjoy useful, enriched, JSON-formatted audit logs suitable for threat detection in modern #SIEM setups. Laurel is written in #Rust.
github.com/threathunter...