Product

Elastic Agent Auditd Manager

1 brief RSS

Suspicious Process Accessing Sensitive Identity Files via Auditd

This rule detects suspicious processes, such as copy utilities or scripting tools, accessing sensitive identity files on Linux systems, including Kubernetes tokens, cloud CLI configurations, and root SSH keys, indicating potential credential theft.

Elastic Agent Auditd Manager +4 credential-access linux auditd

3r 2t Jan 3, 2024