complete security monitoring

y0d4

New Member
Joined
Jan 28, 2023
Messages
1
Reaction score
0
Credits
15
Hi, i am looking to cover all security related things on unix OS.

I chose Wazuh as SIEM and he itself have some detection/monitoring mechanism.But he itself cannot track all what i need, for example memfd_create() calls, which are used for file less attacks, for that i can use sysmon for linux. But for example if i want to see all browser extension which are installed, i must use osquery... and so on ...

My question is, what i need to setup on one unix OS (macos) and linux (ubuntu) to cover all vectors of attacks?

Is wazuh+osquery+sysmon enough ?

Or maybe i need auditd too for this, what about rkhunter...?
 

Members online


Top