Colleagues, has anyone tried to configure auditing in Linux/Unix not via SYSLOG but through the AUDITD daemon?
And to receive the events generated by the auditd service in ESM?
Are there normalization rules in the Receiver for Linux/Unix auditing?
Maybe someone has tried to collect events from auditd with the help of SIEM Collector?