Summit Route - Catching attackers with go-audit and a logging pipeline
Common Information
Type Value
UUID d93a19af-fcfe-40ae-8af3-e56b29fb246e
Fingerprint ac18e952b9afa780
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 25, 2016, midnight
Added to db Jan. 18, 2023, 10:29 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Setting up auditd
Title Summit Route - Catching attackers with go-audit and a logging pipeline
Detected Hints/Tags/Attributes 33/1/18
Attributes
Type #Events CTI Value
Domain 48 storage.googleapis.com
Domain 4128 github.com
Domain 32 golang.org
Domain 28 artifacts.elastic.co
File 38 secret.txt
File 15 audit.log
File 6 linux-amd64.tar
File 11 net.core
File 1 go-audit.log
Github username 2 kardianos
Github username 1 slackhq
Github username 1 spf13
Url 1 https://storage.googleapis.com/golang/go1.7.4.linux-amd64.tar.gz
Url 1 https://github.com/slackhq/go-audit.git
Url 1 https://github.com/spf13/viper/pull/165
Url 1 https://golang.org/pkg/log/#pkg
Url 13 https://artifacts.elastic.co/gpg-key-elasticsearch
Url 1 https://artifacts.elastic.co/packages/5.x/apt