Auditbeat Modules

-
*Note: Not all OS supports all the module options.
1. Auditd
- module: auditd
  resolve_ids: true
  failure_mode: silent
  backlog_limit: 8192
  rate_limit: 0
  include_raw_message: false
  include_warnings: false
  backpressure_strategy: auto

 2. File Integrity Monitoring
- module: file_integrity
  paths:
  - /bin
  - /usr/bin
  - /sbin
  - /usr/sbin
  - /etc
  exclude_files:
  - '(?i)\.sw[nop]$'
  - '~$'
  - '/\.git($|/)'
  include_files: []
  scan_at_start: true
  scan_rate_per_sec: 50 MiB
  max_file_size: 100 MiB
  hash_types: [sha1]
  recursive: false
3. System
- module: system
  datasets:
    - host
    - login
    - package
    - process
    - socket
    - user
  period: 10s
  state.period: 12h

  socket.include_localhost: false

  user.detect_password_changes: true

Popular posts from this blog

Saw my best friend.

-
In a market, after eight years, they crossed each other. In that crowd she didn’t notice him. It was then her six years old daughter who saw him and at once pulled her momma's sari and claimed, "Momma, he looks like the same guy in your college album, your best friend."                                                 She looked down to her child and asked politely, “What is it my dear?” “Momma,” said her excited daughter pointing towards the flower shop, “Over there, that uncle, your best friend!”                                           ...
Read more

The case of Wakefield family.

-
Image
Case 1725: Wakefield Family. Barbara Wakefield , age 30, wife of Bram Wakefield, died in a car accident on 25th November, 2003. Her dead body was found in their smashed car. Investigated reason for the accident : With her family, she was returning from a restaurant at night, in a car. As their car turned right for their home street, a truck smashed them from front. The accident killed Barbara and left her husband and her child injured. Evidences : The security camera footage of the street. Edward Wakefield , age 8, the only child of Bram Wakefield, died in a fire, on 2nd December, 2003, in his residence. His dead body was found in the hall. The body was completely burnt. Investigated reason for the fire : The kitchen stove was left open by Bram Wakefield in the morning. Edward lit the matchstick, near the stove, at afternoon and caught the fire. He ran to the hall but couldn’t save himself. Evidences : Partially burnt matchstick box found on the floor having ...
Read more

Saw my best friend part 2

-
Wife lifted herself and looked deep into the eyes of her loving husband. He was the only person who knows exactly, how to treat her, how to comfort her and how to love her. She knew it well that her husband never liked to hear the stories or talks about Deva, but for the sake of her smile he always listened to her. But she was now required to answer, so she calmed herself and started telling that why she didn’t met her best friend. “He was at the flower shop,” she started, arranging all the incidents in her memory, she sounded firm, she continued, “few steps away, holding flowers in his hand. At first it seemed he hasn’t noticed me so I started walking rapidly towards him. I wanted to surprise him. Several thoughts rushed into my head. I was staring him, trying to notice what all had changed in him during these eight years. He has buffed up! He is no longer thin like those old days.” Sanjeev was listening to his wife very carefully and in his imagination, he picturized everything t...
Read more