System call auditing made effective with machine learning and selective reporting
Speaker: Ravi Honnavalli, Staff Engineer, Walmart
System call auditing on production servers has been around for a very long time. Aggregating system call events from Linux’s audit component using auditd daemon has been time tested. However, given the amount of auditd logs that get generated on a daily basis, most of which are routine, administrators go blind to typical priviledge escalation attempts like failed sudo accesses, failed multiple login attempts, unauthorized file access, etc.
When …