</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/9ef6364d-cc67-480e-8448-3306829a6a24/">Linux Auditd Execve</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
linux:audit
</td>
<td class="col-3">
/var/log/audit/audit.log
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/3d86125c-0496-4a5a-aae3-0d355a4f3d7d/">Linux Auditd Path</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
linux:audit
</td>
<td class="col-3">
/var/log/audit/audit.log
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/5a25984a-2789-400a-858b-d75c923e06b1/">Linux Auditd Proctitle</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
linux:audit
</td>
<td class="col-3">
/var/log/audit/audit.log
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/0643483c-bc62-455c-8d6e-1630e5f0e00d/">Linux Auditd Service Stop</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
linux:audit
</td>
<td class="col-3">
/var/log/audit/audit.log
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/4dff7047-0d43-4096-bb3f-b756c889bbad/">Linux Auditd Syscall</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
linux:audit
</td>
<td class="col-3">
/var/log/audit/audit.log
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/9a47d88b-1b17-49ce-a0ef-b440ddbd98bb/">Linux Secure</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
linux_secure
</td>
<td class="col-3">
/var/log/secure
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/93643652-30fe-4941-a1f7-6454f2948660/">Sysmon for Linux EventID 1</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
sysmon:linux
</td>
<td class="col-3">
Syslog:Linux-Sysmon/Operational
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
<tr class="row">
<td class="col-0">
<a href="/sources/14672fed-235a-411f-8062-ace9696fb2af/">Sysmon for Linux EventID 11</a>
</td>
<td class="col-1">
<img src="https://research.splunk.com/icons/linux.svg" alt="Linux icon" class="icon-tiny">
Linux
</td>
<td class="col-2">
sysmon:linux
</td>
<td class="col-3">
Syslog:Linux-Sysmon/Operational
</td>
<td class="col-4">
</td>
<td class="col-5">
</td>
</tr>
</tbody>
|