auditd and the mystery of ANOM_* events

December 8, 2018 in auditd, linux, threat hunting

I must admit that my interest in non-Windows threat hunting is growing. I am pretty bored with 4688, Sysmon, and MITRE ATT&CK presos, and am now trying to expand my […]