Hu6li
Hi, I reworked the series and added the `filter: bool` to the event. Assuming an event should not be filtered upon creation the default is set to false. Only while...
I reworked/cleaned up the commits, sorry for the mess; a lot of the code was due to improper cleanup before committing (debug code). Hope it is ok now, otherwise I...
#24 sounds interesting, I can give it a try
Great, thank you! You can just tag me along with the feature if this is ok?
Since auditd log format isn't optimal when it comes to correlation and visibility (especially in a SIEM), would it be a possibility to parse the logs using [Laurel](https://github.com/threathunters-io/laurel/tree/v0.6.1?tab=readme-ov-file)? This will...
Hi Patrick, Many thanks for your detailed answer. No worries about the delay, as you see I wasn't that fast either so please also excuse my late response. We use...
Hi Patrick, currently the system has 6111 threads running. Awesome, thanks for your feedback. I tried running unhide using the "-vou reverse quick" option, which helped a bit. Unhide finished...
Hi Patrick, Over the past few days, I explored some options and considered generating a single "ps --no-header" output before iterating over all possible PIDs. This approach aimed to reduce...