The config file in this repo is based on the MSTIC Sysmon for Linux config file. On top of that base we have added:
- Sigma rules for Linux detections
- GTFOBins detections
- Detections derived from malware research articles on Linux
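As an added illustration (not this repo's own config, and not the MSTIC file), this fragment shows the shape a detection in a Sysmon for Linux config takes: a ProcessCreate include rule and a FileCreate include rule, each named in the TechniqueID/TechniqueName style the MSTIC config uses, so the rule name is carried into the event and can be matched by a SIEM. The schemaversion, rule names, paths and match strings are assumptions chosen for the example.

```xml
<Sysmon schemaversion="4.81">  <!-- assumed schema version for this example -->
  <EventFiltering>
    <!-- groupRelation="or": an event is logged when any one rule matches -->
    <RuleGroup name="" groupRelation="or">

      <ProcessCreate onmatch="include">
        <!-- Assumed rule: a shell whose command line fetches content over HTTP
             and pipes it straight into an interpreter (common in malware
             write-ups). groupRelation="and": all three conditions must hold. -->
        <Rule name="TechniqueID=T1059.004,TechniqueName=Command and Scripting Interpreter: Unix Shell" groupRelation="and">
          <Image condition="is any">/bin/sh;/bin/bash;/bin/dash;/usr/bin/sh;/usr/bin/bash;/usr/bin/dash</Image>
          <CommandLine condition="contains any">curl ;wget </CommandLine>
          <CommandLine condition="contains any">| sh;|sh;| bash;|bash</CommandLine>
        </Rule>
      </ProcessCreate>

      <!-- Assumed noise filter: exclude rules are evaluated first, so a
           trusted package-manager hook is never logged by the rule above. -->
      <ProcessCreate onmatch="exclude">
        <ParentImage condition="is">/usr/bin/apt-get</ParentImage>
      </ProcessCreate>

      <FileCreate onmatch="include">
        <!-- Assumed rule: new files in cron drop-in directories, a persistence
             location covered by the linked threat-hunting articles. -->
        <Rule name="TechniqueID=T1053.003,TechniqueName=Scheduled Task/Job: Cron" groupRelation="or">
          <TargetFilename condition="begin with">/etc/cron.d/</TargetFilename>
          <TargetFilename condition="begin with">/etc/cron.hourly/</TargetFilename>
          <TargetFilename condition="begin with">/etc/cron.daily/</TargetFilename>
          <TargetFilename condition="begin with">/var/spool/cron/</TargetFilename>
        </Rule>
      </FileCreate>

    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

The RuleName field of the resulting Sysmon event (EventID 1 or 11) carries the Rule name string, which is what downstream Sigma-style matching keys on.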
To follow Sysmon for Linux events live, pipe the journal into the bundled viewer:
journalctl -f | /opt/sysmon/sysmonLogView   # -f follows the journal; sysmonLogView renders the Sysmon events
Sources the added detections draw on:
- https://pberba.github.io/security/2021/11/22/linux-threat-hunting-for-persistence-sysmon-auditd-webshell/
- https://www.lares.com/blog/sysmon-for-linux-test-drive/
- https://pberba.github.io/security/2021/11/23/linux-threat-hunting-for-persistence-account-creation-manipulation/
- https://github.com/microsoft/MSTIC-Sysmon/blob/main/linux/configs/main.xml