Detections
Analytics

Revision 1.1

Oct 25, 2021
Informational Update
  • 4.1.12 Ensure successful file system mounts are collected - auditctl (64-bit)
  • 4.1.8 Ensure events that modify the system's network environment are collected - auditctl sethostname (64-bit)
  • 4.1.8 Ensure events that modify the system's network environment are collected - sethostname (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl xattr (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown (64-bit)
  • 4.1.9 Ensure discretionary access control permission modification events are collected - xattr (64-bit)
Added
  • 4.1.12 Ensure successful file system mounts are collected (64-bit)
  • 4.1.14 Ensure file deletion events by users are collected (32-bit)
  • 4.1.14 Ensure file deletion events by users are collected (64-bit)
  • 4.1.14 Ensure file deletion events by users are collected - auditctl (32-bit)
  • 4.1.14 Ensure file deletion events by users are collected - auditctl (64-bit)
  • 4.1.15 Ensure kernel module loading and unloading is collected - auditctl modules
  • 4.1.15 Ensure kernel module loading and unloading is collected - modules
  • 4.1.6 Ensure events that modify date and time information are collected - adjtimex (64-bit)
  • 4.1.6 Ensure events that modify date and time information are collected - auditctl adjtimex (64-bit)
  • 4.1.6 Ensure events that modify date and time information are collected - auditctl clock_settime (64-bit)
  • 4.1.6 Ensure events that modify date and time information are collected - clock_settime (64-bit)
Removed
  • 4.1.12 Ensure successful file system mounts are collected - b64
  • 4.1.14 Ensure file deletion events by users are collected - auditctl x64
  • 4.1.14 Ensure file deletion events by users are collected - auditctl x86
  • 4.1.14 Ensure file deletion events by users are collected - x64
  • 4.1.14 Ensure file deletion events by users are collected - x86
  • 4.1.15 Ensure kernel module loading and unloading is collected - b32 auditctl modules
  • 4.1.15 Ensure kernel module loading and unloading is collected - b32 modules
  • 4.1.15 Ensure kernel module loading and unloading is collected - b64 auditctl modules
  • 4.1.15 Ensure kernel module loading and unloading is collected - b64 modules
  • 4.1.6 Ensure events that modify date and time information are collected - adjtimex x64
  • 4.1.6 Ensure events that modify date and time information are collected - auditctl adjtimex x64
  • 4.1.6 Ensure events that modify date and time information are collected - auditctl clock_settime x64
  • 4.1.6 Ensure events that modify date and time information are collected - clock_settime x64