Linux Activity

Owned by Steve Challans
Last updated: Sept 20, 2019
2 min read

The Linux activity dashboard shows an overview of various aspects of logs and threats that have occurred on the Linux servers. Thus log data comes from the Snare Linux agent that collects the kernel audit events from the local Linux system. The key aspects of the dashboard are:

  • Linux Event Activity - this shows an overview of which system is generating events and the nature of the events, such as acc_change, running commands with SUID, login activity and running commands from an execve system call. 
  • Linux Group Management - this tracks all account changes related to system group related changes
  • Linux Process Activity - all commands that are run on the Linux systems can be tracked and traced with details on who, what and when the commands were run.
  • Linux System Activity - this shows the overall log data volumes for each system being reported on. 
  • Linux User Activity = this shows all user activity on the systems. 
  • Linux Target Activity - the effective target user activity of what is being run on the system.

Linux Dashboards