complete security monitoring

y0d4

New Member
Joined
Jan 28, 2023
Messages
1
Reaction score
0
Credits
15
Hi, I am looking to cover all security-related things on a Unix OS.

I chose Wazuh as SIEM, and it itself has some detection/monitoring mechanisms. But it itself cannot track everything I need, for example memfd_create() calls, which are used for fileless attacks; for that I can use Sysmon for Linux. But if, for example, I want to see all browser extensions which are installed, I must use osquery... and so on...

My question is, what do I need to set up on one Unix OS (macOS) and Linux (Ubuntu) to cover all vectors of attacks?

Is Wazuh + osquery + Sysmon enough?

Or maybe I need auditd too for this; what about rkhunter...?
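On the auditd part of the question, here is an added example (not from the original post, Wazuh, Sysmon or osquery) of what covering memfd_create() with auditd looks like: the audit rule is shown in a comment, and a small parser flags memfd_create() records in audit.log. The log lines are constructed, and the executable allowlist is a placeholder to tune per host.

```python
import re
from typing import Dict, List, Tuple

# Assumed auditd rule (not from the original post) that makes the kernel log
# every memfd_create() call; on Ubuntu it goes in /etc/audit/rules.d/memfd.rules:
#   -a always,exit -F arch=b64 -S memfd_create -k memfd
# Syscall 319 is memfd_create on x86_64; the "key" field echoes the rule's -k tag.
MEMFD_SYSCALL_X86_64 = "319"

# Constructed sample audit.log records (not a real capture).
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1674900000.101:201): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1 a2=0 a3=0 items=1 ppid=1 pid=900 auid=1000 uid=1000 gid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key=(null)
type=SYSCALL msg=audit(1674900000.202:202): arch=c000003e syscall=319 success=yes exit=3 a0=7f1a2b a1=1 a2=0 a3=0 items=0 ppid=900 pid=901 auid=1000 uid=1000 gid=1000 euid=1000 comm="python3" exe="/usr/bin/python3.10" key="memfd"
type=SYSCALL msg=audit(1674900000.303:203): arch=c000003e syscall=319 success=yes exit=4 a0=7f1a2b a1=1 a2=0 a3=0 items=0 ppid=1 pid=1200 auid=4294967295 uid=0 gid=0 euid=0 comm="systemd" exe="/usr/lib/systemd/systemd" key="memfd"
"""

# key=value pairs; values may be quoted strings, "(null)" style tokens, or bare words.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')


def parse_audit_line(line: str) -> Dict[str, str]:
    """Split one audit record into key/value fields, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def find_memfd_events(log_text: str,
                      allowlist: Tuple[str, ...] = ("/usr/lib/systemd/systemd",)) -> List[Dict[str, str]]:
    """Return SYSCALL records for memfd_create(), minus allowlisted executables.

    systemd uses memfd legitimately, so it is allowlisted here as a placeholder;
    anything else creating anonymous memory files is worth a closer look.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec.get("type") != "SYSCALL":
            continue
        is_memfd = rec.get("syscall") == MEMFD_SYSCALL_X86_64 or rec.get("key") == "memfd"
        if is_memfd and rec.get("exe") not in allowlist:
            hits.append({"pid": rec["pid"], "exe": rec["exe"],
                         "comm": rec["comm"], "uid": rec["uid"]})
    return hits


if __name__ == "__main__":
    for hit in find_memfd_events(SAMPLE_AUDIT_LOG):
        print(f"memfd_create by pid={hit['pid']} exe={hit['exe']} uid={hit['uid']}")
```

The same records can be shipped to Wazuh by its auditd log collector, so the rule is the part that needs adding on the host; the parser shows what a matching alert would key on.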