How to configure auditd to collect logs from /proc kernel file directory
I’ve been looking for this for about 3 days now and have come up empty-handed. I am looking for a way to build a threat alert for Linux-based credential dumping in Splunk. To do this I need to be able to monitor the /proc directory. I found audit and auditd (audit daemon) but I don’t …
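An added example, not part of the question above or of any answer on the page: the auditd syscall rules that Linux credential-dumping detection usually rests on, plus a Python classifier for the audit records they produce, usable as a pre-filter before the events are forwarded to Splunk. Entries under /proc come and go with their processes, so a file watch pinned to /proc/<pid>/mem is not a workable approach; auditing the syscalls that read another process's memory (ptrace, process_vm_readv, and open/openat of /proc/<pid>/mem or maps) is. The rule file, the key name proc_mem_access, and the audit log lines are constructed for illustration; whether the `-F dir=/proc` filter loads on a given kernel should be confirmed with `auditctl -l` before relying on it.

```python
"""Classify auditd records that indicate one process reading another's memory."""
import re
from collections import defaultdict

# Assumed rule set for /etc/audit/rules.d/proc-mem.rules (load with augenrules --load,
# confirm with auditctl -l). The open/openat rule scoped by -F dir=/proc is the part
# to verify on the target kernel; the ptrace/process_vm_readv rules are plain syscall rules.
AUDIT_RULES = """\
-a always,exit -F arch=b64 -S ptrace -F a0=0x10 -k proc_mem_access
-a always,exit -F arch=b64 -S ptrace -F a0=0x4206 -k proc_mem_access
-a always,exit -F arch=b64 -S process_vm_readv -k proc_mem_access
-a always,exit -F arch=b64 -S open,openat -F dir=/proc -k proc_mem_access
"""

# ptrace request codes (from <sys/ptrace.h>); a0 of the ptrace syscall carries the request.
PTRACE_REQUESTS = {0x1: "PTRACE_PEEKTEXT", 0x2: "PTRACE_PEEKDATA",
                   0x10: "PTRACE_ATTACH", 0x4206: "PTRACE_SEIZE"}
# x86_64 syscall numbers (arch=c000003e); the audit 'syscall' field is decimal.
SYSCALL_NAMES = {2: "open", 101: "ptrace", 257: "openat", 310: "process_vm_readv"}
MEM_PATH = re.compile(r"^/proc/(\d+|self)/(mem|maps)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")


def parse_record(line):
    """Turn one raw audit record into a dict; quoted values lose their quotes."""
    m = MSG.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV.findall(line)}
    rec["_ts"], rec["_serial"] = m.group(1), int(m.group(2))
    return rec


def group_events(lines):
    """Group SYSCALL/CWD/PATH records by the event serial in msg=audit(ts:serial)."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec:
            events[rec["_serial"]].append(rec)
    return events


def classify_event(records):
    """Return a technique label if the event reads another process's memory, else None."""
    syscall = next((r for r in records if r.get("type") == "SYSCALL"), None)
    if syscall is None or syscall.get("success") != "yes":
        return None
    name = SYSCALL_NAMES.get(int(syscall.get("syscall", -1)))
    if name == "ptrace":
        request = int(syscall["a0"], 16)          # audit logs syscall args as bare hex
        label = PTRACE_REQUESTS.get(request)
        return f"ptrace {label} on pid {int(syscall['a1'], 16)}" if label else None
    if name == "process_vm_readv":
        return f"process_vm_readv from pid {int(syscall['a0'], 16)}"
    if name in ("open", "openat"):
        for r in records:
            if r.get("type") == "PATH":
                m = MEM_PATH.match(r.get("name", ""))
                if m and m.group(1) != "self":    # a process reading its own maps is routine
                    return f"{name} of {r['name']}"
    return None


def detect(lines):
    """Run the classifier over raw audit lines; one finding per suspicious event."""
    findings = []
    for serial, records in sorted(group_events(lines).items()):
        label = classify_event(records)
        if label:
            sc = next(r for r in records if r.get("type") == "SYSCALL")
            findings.append({"serial": serial, "pid": int(sc["pid"]), "comm": sc.get("comm"),
                             "exe": sc.get("exe"), "technique": label})
    return findings


# Constructed sample: attach, cross-process read, /proc/<pid>/mem open (alert);
# own /proc/self/maps read and a denied attach (no alert).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=4d2 a2=0 a3=0 items=0 ppid=1400 pid=1401 auid=1000 uid=1000 gid=1000 euid=1000 comm="gdb" exe="/usr/bin/gdb" key="proc_mem_access"
type=SYSCALL msg=audit(1700000000.102:202): arch=c000003e syscall=310 success=yes exit=4096 a0=4d2 a1=7ffd3c1e2a40 a2=1 a3=7ffd3c1e2a60 items=0 ppid=1400 pid=1405 auid=1000 uid=1000 gid=1000 euid=1000 comm="python3" exe="/usr/bin/python3.11" key="proc_mem_access"
type=SYSCALL msg=audit(1700000000.103:203): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0a1c2e2a0 a2=0 a3=0 items=1 ppid=1400 pid=1407 auid=1000 uid=0 gid=0 euid=0 comm="cat" exe="/usr/bin/cat" key="proc_mem_access"
type=CWD msg=audit(1700000000.103:203): cwd="/root"
type=PATH msg=audit(1700000000.103:203): item=0 name="/proc/1234/mem" inode=58611 dev=00:16 mode=0100600 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.104:204): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0a1c2e2f0 a2=0 a3=0 items=1 ppid=1400 pid=1409 auid=1000 uid=1000 gid=1000 euid=1000 comm="bash" exe="/usr/bin/bash" key="proc_mem_access"
type=PATH msg=audit(1700000000.104:204): item=0 name="/proc/self/maps" inode=58700 dev=00:16 mode=0100444 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.105:205): arch=c000003e syscall=101 success=no exit=-1 a0=10 a1=4d2 a2=0 a3=0 items=0 ppid=1400 pid=1411 auid=1000 uid=1000 gid=1000 euid=1000 comm="gdb" exe="/usr/bin/gdb" key="proc_mem_access"
"""

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(finding)
```

On a live host the same classifier can be fed the output of `ausearch -k proc_mem_access --raw`. Denied attempts (success=no, for instance an attach blocked by the Yama ptrace_scope setting) are dropped here to keep the example focused on completed reads; in production they are worth a separate, lower-severity alert, since a failed attach is often the first visible step of an interactive attacker.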