Threat Hunting On Linux And Mac With Auditbeat System Module - Aaron Jewitt



Many people are building custom alerting and monitoring systems for Windows using Sysmon and the Elastic Stack, but until recently there hasn't been a reliable way to centrally monitor activity across a wide variety of Mac and Linux systems for much of the information that Sysmon gives you. You could collect auditd and system logs, but each system formats its logs differently, and the information provided may not be as robust or helpful. Enter the newly released Elastic Auditbeat System module; it is like Sysmon for Linux. Monitor a fleet of Linux systems for processes, installed packages, sockets, users, and host information. In this talk, we will discuss the Auditbeat System module, its advantages and disadvantages, tips for configuring it, and how to use this data to monitor and hunt for intrusions using Kibana.
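As an added example (not code from the talk), the kind of hunt the abstract describes, run over constructed events in the shape the Auditbeat system module's process and socket datasets emit; the ECS field layout (event.dataset, event.action, process.*, destination.*) follows Auditbeat 7.x documentation, and the sample events, rule lists and directory names are assumptions made for illustration.

```python
# Field layout assumed from Auditbeat 7.x system-module docs; samples are constructed.
WEB_SERVERS = {"/usr/sbin/nginx", "/usr/sbin/apache2", "/usr/sbin/httpd"}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

def proc_event(pid, ppid, exe, args, user="www-data", host="web-01"):
    """Build a constructed process_started event in Auditbeat's ECS layout."""
    return {"event": {"module": "system", "dataset": "process", "action": "process_started"},
            "host": {"name": host}, "user": {"name": user},
            "process": {"pid": pid, "ppid": ppid, "executable": exe, "args": args}}

def flow_event(exe, dst_ip, dst_port, direction="egress", host="web-01"):
    """Build a constructed network_flow event from the socket dataset."""
    return {"event": {"module": "system", "dataset": "socket", "action": "network_flow"},
            "host": {"name": host}, "process": {"executable": exe},
            "network": {"direction": direction, "transport": "tcp"},
            "destination": {"ip": dst_ip, "port": dst_port}}

# Constructed sample: nginx starts, spawns a shell, then a binary in /tmp opens
# an outbound connection. 203.0.113.0/24 is documentation address space.
SAMPLE_EVENTS = [
    proc_event(4121, 1, "/usr/sbin/nginx", ["nginx", "-g", "daemon off;"], user="root"),
    proc_event(4130, 4121, "/bin/sh", ["sh", "-c", "id"]),
    flow_event("/usr/sbin/nginx", "203.0.113.10", 443),
    flow_event("/tmp/.cache/agent", "203.0.113.5", 8443),
]

def hunt(events):
    """Replay events in order, tracking pid -> executable so a child process can be
    tied to its parent, and return a list of (rule, host, detail) findings."""
    exe_of = {}  # pid -> executable, learned from process_started events
    findings = []
    for ev in events:
        e, proc, host = ev["event"], ev.get("process", {}), ev["host"]["name"]
        if e["dataset"] == "process" and e["action"] == "process_started":
            exe_of[proc["pid"]] = proc["executable"]
            parent = exe_of.get(proc.get("ppid"))
            # Rule 1: a web server spawning a shell is rarely legitimate.
            if parent in WEB_SERVERS and proc["executable"] in SHELLS:
                findings.append(("web-server-spawned-shell", host,
                                 f"{parent} -> {' '.join(proc['args'])}"))
        elif e["dataset"] == "socket" and e["action"] == "network_flow":
            # Rule 2: outbound traffic from a binary living in a scratch directory.
            if ev["network"]["direction"] == "egress" and proc["executable"].startswith(SCRATCH_DIRS):
                dst = ev["destination"]
                findings.append(("egress-from-scratch-dir", host,
                                 f"{proc['executable']} -> {dst['ip']}:{dst['port']}"))
    return findings
```

The same two rules map directly onto Kibana queries over `event.dataset`, `process.executable` and `network.direction` once the module is shipping data; in the real module, the pid-to-parent link also depends on the parent's process_started (or periodic state) event having arrived first.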

source: https://www.youtube.com/watch?v=teq6r7XbBug

For more news, visit: https://sectemple.blogspot.com/
