Alternatives and similar repositories for audit-userspace:

Users that are interested in audit-userspace are comparing it to the libraries listed below

• linux-audit / audit-kernel
  GitHub mirror of the Linux Kernel's audit repository
  ☆150Updated last week
• linux-audit / audit-documentation
  Documentation and specifications
  ☆194Updated 3 months ago
• linux-application-whitelisting / fapolicyd
  File Access Policy Daemon
  ☆210Updated this week
• Neo23x0 / auditd
  Best Practice Auditd Configuration
  ☆1,602Updated 2 months ago
• bfuzzy / auditd-attack
  A Linux Auditd rule set mapped to MITRE's Attack Framework
  ☆788Updated 4 years ago
• SELinuxProject / refpolicy
  SELinux Reference Policy v2
  ☆324Updated last week
• OISF / suricata-update
  The tool for updating your Suricata rules.
  ☆270Updated 2 weeks ago
• threathunters-io / laurel
  Transform Linux Audit logs for SIEM usage
  ☆761Updated 3 weeks ago
• shirkdog / pulledpork
  Pulled Pork for Snort and Suricata rule management (from Google code)
  ☆434Updated 3 years ago
• OpenSCAP / scap-workbench
  SCAP Scanner And Tailoring Graphical User Interface
  ☆231Updated last year
• palantir / osquery-configuration
  A repository for using osquery for incident detection and response
  ☆844Updated 2 years ago
• aide / aide
  aide source code
  ☆597Updated 2 weeks ago
• sjvermeu / cvechecker
  Command-line utility to scan the system and report on potential vulnerabilities, based on public CVE data
  ☆263Updated last year
• wazuh / wazuh-ruleset
  Wazuh - Ruleset
  ☆446Updated 7 months ago
• Magentron / chkrootkit
  This program locally checks for signs of a rootkit. 'Forked' to fix false-positive for SucKIT rootkit
  ☆229Updated 2 years ago
• containers / udica
  This repository contains a tool for generating SELinux security profiles for containers
  ☆518Updated last month
• microsoft / SysinternalsEBPF
  The Linux port of the Sysinternals Sysmon tool.
  ☆260Updated last month
• Tripwire / tripwire-open-source
  Open Source Tripwire®
  ☆887Updated last year
• slackhq / go-audit
  go-audit is an alternative to the auditd daemon that ships with many distros
  ☆1,619Updated last week
• cloudflare / bpftools
  BPF Tools - packet analyst toolkit
  ☆1,207Updated 7 months ago
• redcanaryco / redcanary-ebpf-sensor
  Red Canary's eBPF Sensor
  ☆104Updated 9 months ago
• OpenSCAP / openscap
  NIST Certified SCAP 1.2 toolkit
  ☆1,478Updated this week
• StamusNetworks / scirius
  Scirius is a web application for Suricata ruleset management and threat hunting.
  ☆650Updated last week
• a13xp0p0v / kernel-hardening-checker
  A tool for checking the security hardening options of the Linux kernel
  ☆1,835Updated last month
• jasonish / evebox
  Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
  ☆455Updated 2 weeks ago
• teoseller / osquery-attck
  Mapping the MITRE ATT&CK Matrix with Osquery
  ☆793Updated last year
• OISF / libhtp
  LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces.
  ☆299Updated 3 weeks ago
• CISecurity / OVALRepo
  ☆276Updated last year
• pevma / SEPTun
  Suricata Extreme Performance Tuning guide
  ☆208Updated 7 years ago
• secureworks / dalton
  Suricata, Snort and Zeek IDS rule and pcap testing system
  ☆474Updated 3 months ago