Im trying to monitor the start and stop of processes on a server with
auditd, using the following rule
-w /usr/bin/ -p x -k T1569.002ausearch, the only log it finds is the addition of the rule.
Asked by David Pérez
(1 rep)
Jul 19, 2024, 09:16 PM
Last activity: Jul 23, 2024, 12:54 PM
Last activity: Jul 23, 2024, 12:54 PM