Wazuh custom LKRG (Linux Kernel Runtime Guard) Decoders and Rules

This project contains custom LKRG decoders and rules for Wazuh

Linux Kernel Runtime Guard (LKRG)

LKRG is a kernel module (not a kernel patch), so it can be built for and loaded on top of a wide range of mainline and distros' kernels, without needing to patch those. We currently support kernel versions ranging from as far back as RHEL7's (and its many clones/revisions) to latest mainline and distros kernels.

Put rules and decoder files under /var/ossec/etc/rules and /var/ossec/etc/decoders

Thanks

Adam 'pi3' Zabrocki (http://pi3.com.pl)

Todo

Decoders

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md
lkrg_rules.xml		lkrg_rules.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Wazuh custom LKRG (Linux Kernel Runtime Guard) Decoders and Rules

Linux Kernel Runtime Guard (LKRG)

Thanks

Todo

About

Uh oh!

Releases

Packages

Uh oh!

adampielak/wazuh-lkrg

Folders and files

Latest commit

History

Repository files navigation

Wazuh custom LKRG (Linux Kernel Runtime Guard) Decoders and Rules

Linux Kernel Runtime Guard (LKRG)

Thanks

Todo

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Packages