Linux Data Sources Data Sources

Name Platform Sourcetype Source Supported TA Date

Name	Platform	Sourcetype	Source	Supported TA	Date
Linux Auditd Daemon Abort	Linux	auditd	auditd	</td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/15135c45-e302-4d5a-a38a-3e8279f2ebd8/">Linux Auditd Daemon End</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/f1b97407-ddf0-41a5-8685-ada05aae3555/">Linux Auditd Daemon Start</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/30f79353-e1d2-4585-8735-1e0359559f3f/">Linux Auditd Add User</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/9ef6364d-cc67-480e-8448-3306829a6a24/">Linux Auditd Execve</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/3d86125c-0496-4a5a-aae3-0d355a4f3d7d/">Linux Auditd Path</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/5a25984a-2789-400a-858b-d75c923e06b1/">Linux Auditd Proctitle</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/0643483c-bc62-455c-8d6e-1630e5f0e00d/">Linux Auditd Service Stop</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/4dff7047-0d43-4096-bb3f-b756c889bbad/">Linux Auditd Syscall</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> auditd </td> <td class="col-3"> auditd </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/9a47d88b-1b17-49ce-a0ef-b440ddbd98bb/">Linux Secure</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> linux_secure </td> <td class="col-3"> /var/log/secure </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/93643652-30fe-4941-a1f7-6454f2948660/">Sysmon for Linux EventID 1</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> sysmon:linux </td> <td class="col-3"> Syslog:Linux-Sysmon/Operational </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> <tr class="row"> <td class="col-0"> <a href="/sources/14672fed-235a-411f-8062-ace9696fb2af/">Sysmon for Linux EventID 11</a> </td> <td class="col-1"> <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny"> Linux </td> <td class="col-2"> sysmon:linux </td> <td class="col-3"> Syslog:Linux-Sysmon/Operational </td> <td class="col-4"> </td> <td class="col-5"> </td> </tr> </tbody>

Linux

auditd

        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/15135c45-e302-4d5a-a38a-3e8279f2ebd8/">Linux Auditd Daemon End</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/f1b97407-ddf0-41a5-8685-ada05aae3555/">Linux Auditd Daemon Start</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/30f79353-e1d2-4585-8735-1e0359559f3f/">Linux Auditd Add User</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/9ef6364d-cc67-480e-8448-3306829a6a24/">Linux Auditd Execve</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/3d86125c-0496-4a5a-aae3-0d355a4f3d7d/">Linux Auditd Path</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/5a25984a-2789-400a-858b-d75c923e06b1/">Linux Auditd Proctitle</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/0643483c-bc62-455c-8d6e-1630e5f0e00d/">Linux Auditd Service Stop</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4dff7047-0d43-4096-bb3f-b756c889bbad/">Linux Auditd Syscall</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            auditd
        </td>
        <td class="col-3">
            auditd
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/9a47d88b-1b17-49ce-a0ef-b440ddbd98bb/">Linux Secure</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            linux_secure
        </td>
        <td class="col-3">
            /var/log/secure
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/93643652-30fe-4941-a1f7-6454f2948660/">Sysmon for Linux EventID 1</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            sysmon:linux
        </td>
        <td class="col-3">
            Syslog:Linux-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/14672fed-235a-411f-8062-ace9696fb2af/">Sysmon for Linux EventID 11</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
              Linux
        </td>
        <td class="col-2">
            sysmon:linux
        </td>
        <td class="col-3">
            Syslog:Linux-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
</tbody>