Skip to content

[FR] Pre-Built Elastic Auditd Ruleset #4713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Aegrah opened this issue May 9, 2025 · 0 comments
Open

[FR] Pre-Built Elastic Auditd Ruleset #4713

Aegrah opened this issue May 9, 2025 · 0 comments
Assignees
@Aegrah
Labels
enhancement New feature or request OS: Linux Security Content Team: TRADE

Comments

@Aegrah
Copy link
Contributor

Aegrah commented May 9, 2025
edited
Loading

Summary

The detection rules repository has multiple rules that require Auditd rules to work properly. The investigation guides contain the information needed to create the rule file, however, it would be convenient to have a full OOTB elastic Auditd ruleset available that contains all rules necessary to run all OOTB detection rules.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Aegrah Aegrah

Labels
enhancement New feature or request OS: Linux Security Content Team: TRADE
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Aegrah