A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
Updated Apr 6, 2026 - Python
ArchLinux setup which focuses on desktop security
An Ansible Role that installs Auditbeat on RedHat/CentOS or Debian/Ubuntu.
CMAuditd (version 2) is a free and open-source GUI designed to be used with Auditd, which is the userspace component of the Linux Auditing System. It provides more functionality and a better interface than its previous version.
An Ansible Role to install and configure audit.
eBPF-based forensic monitoring system (CLI + Streamlit UI) that captures kernel-level system activity, stores it in Elasticsearch, filters noise based on the HOLMES and BEEP research papers, and applies advanced AI provenance analysis. A different UI version of this project with improved features is available at the repo specified below.
Ansible CIS Level 2 hardening suite for RHEL/Rocky Linux — auditd rules, SELinux enforcement, SSH/PAM lockdown, and a Python compliance checker with pass/fail reporting
Python script to notify about successful SSH logins
An Autopsy data source ingest module for detection of IOCs in EVTX for Windows and Auditd for Linux based on SIGMA Rules.
Ransomware Detection using Honeypots and File Entropy Analysis