T1562.012
Disable or Modify Linux Audit System
Adversaries may disable or modify the Linux audit system to hide malicious activity and avoid detection. Linux admins use the Linux Audit system to track security-relevant information on a system. The Linux Audit system operates at the kernel level and maintains event logs on application and system activity such as process, network, file, and login events based on pre-configured rules. Often referred to as `auditd`, this is the name of the daemon used to write events to disk and is governed by ...
Linux
4 Detections
2 Sources
0 Threat Actors
BY SOURCE
3 splunk_escu
1 sigma
PROCEDURES (2)
General Monitoring: 3 detections
Auto-extracted: 3 detections for general monitoring
Process Creation Monitoring: 1 detection
Auto-extracted: 1 detection for process creation monitoring