A Linux Auditd Rule Set Mapped to MITRE's Attack Framework (opens in new tab)

A pretty sensible overview of auditd for those who aren't Linux sysadmins: https://linux-audit.com/configuring-and-auditing-linux-syste...