Search this site
SIEM Use Cases
  • Home
  • Detection Use Cases
    • Use Case Thinking
    • Detection Engineering
    • Use Case Sets
    • SIEM Specific Detections
    • MITRE ATT&CK Tactics and Techniques
    • Windows Use Cases
    • Cloud
      • AWS
      • Azure
      • Office 365
      • Okta
      • GCP
    • Canary Tokens
    • Malware
    • Active Directory
    • C2 Frameworks
    • Command Line
    • Network
    • Linux
    • Kubernetes
    • Webshells
    • Insider Threat
    • Vulnerabilities
      • log4shell CVE-2021-44228
      • Exploits
    • Yara
    • Feeds
    • Projects
    • Web
  • Logging
    • Windows Logging
    • Sysmon
    • Government Advice
    • Logging Projects
  • SOC
    • SOC Papers / Thinking
    • SOC Maturity
    • Playbooks
    • Hunting
    • SOC Analyst Tools
      • Analysis Tools
      • Regular Expressions
      • Malware Analysis
      • Other
    • Detection Gaps
    • SOAR
    • Exercising & Testing
    • Threat Modelling
    • SOC Metrics
    • SIEM Vendor Docs
    • Machine Learning
  • Work in a SOC
    • Becoming a SOC Analyst
    • Learning & Resources
      • Labs / Training
      • SIEM
      • EDR
      • Windows / Microsoft
      • Networking
      • Cloud
      • Cyber Threat Intelligence
      • Computer Science
      • Malware Analysis
      • Books and Podcasts
      • Crypto
      • Attack Techniques
      • OSINT
      • Other
      • Youtube
      • Web
      • Analysis
    • Certifications
    • Finding a job
      • CV
      • Interviews
        • Questions
        • Reverse Questions
      • Salary
  • Incident Response
    • Cloud
  • Other Stuff
    • PCI-DSS
    • Threat Intel
    • Ransomware
    • Vulnerabilities
    • Hardening
      • Personal
    • Mitre ATT&CK
    • Bored on shift...
SIEM Use Cases

Linux

Auditd configuration mapped to ATT&CK

https://github.com/bfuzzy/auditd-attack


LOLbins for *NIX systems

https://gtfobins.github.io/


Florian Roth's auditd config

https://gist.github.com/Neo23x0/9fe88c0c5979e017a389b90fd19ddfee


Detecting ATT&CK techniques & tactics for Linux

https://github.com/Kirtar22/Litmus_Test/blob/master/README.md


Sysmon for Linux

https://github.com/microsoft/MSTIC-Sysmon/tree/main/linux/configs

https://www.lares.com/blog/sysmon-for-linux-test-drive/


Detecting persistence mechanisms in Linux

https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/

https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/

Any queries, comments, suggestions, or corrections gratefully received: website@siemusecases.com

Google Sites
Report abuse
Page details
Page updated
Google Sites
Report abuse