This article explains how to ingest your on-premises Linux auditd logs into Hunters. These logs hold the records written by the Linux Audit system (auditd), which can be configured to monitor system calls, file accesses and more.
By default, auditd writes these files to the /var/log/audit/ folder on your Linux machines (audit.log, plus the rotated audit.log.1, audit.log.2, ... files).
Hunters Ingestion
For Hunters to integrate with your on-premises Linux audit logs, the log files must be collected into a storage service shared with Hunters (for example, an S3 bucket or an Azure Blob Storage container).
Expected Log Format
In each log file, records must be separated by newlines, with each record in the raw key=value format that auditd writes (lines beginning with type=... msg=audit(timestamp:serial): ...), not converted to JSON. Ship the files as auditd wrote them: do not run them through ausearch -i or a forwarder that re-encodes them, since that changes the format. Records that belong to the same event share the same msg=audit(timestamp:serial) stamp, so keep them on consecutive lines as written.
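The following is an added example, not Hunters' own tooling or code from this page. It checks that a log file is in the raw format described above (one auditd record per line, beginning with type=... msg=audit(...):), rejects lines that were converted to JSON, and groups records into events by their serial number. The sample lines and all function and field names are this example's own constructions.

```python
import json
import re
from collections import OrderedDict

# Constructed sample in auditd's native key=value format (not real captures).
# Records sharing the same msg=audit(<epoch>:<serial>) stamp form one event.
# The last line is a deliberately JSON-converted record that must be rejected.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.123:4001): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffd1c2a3c40 a2=0 a3=0 items=1 ppid=1201 pid=1345 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=3 comm="cat" exe="/usr/bin/cat" key="shadow_read"
type=CWD msg=audit(1700000000.123:4001): cwd="/home/alice"
type=PATH msg=audit(1700000000.123:4001): item=0 name="/etc/shadow" inode=262201 dev=fd:01 mode=0100000 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=USER_LOGIN msg=audit(1700000042.500:4007): pid=1402 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.10 terminal=ssh res=failed'
{"type": "SYSCALL", "serial": 4009, "note": "json-converted record, NOT accepted"}
"""

# Header every raw auditd record starts with: type, timestamp, event serial.
HEADER_RE = re.compile(
    r"^type=(?P<type>[A-Z_0-9]+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# key=value pairs; values may be double-quoted, single-quoted, or bare.
FIELD_RE = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")


def split_fields(body):
    """Split an auditd record body into a dict. auditd nests k=v pairs inside
    msg='...' for user-space records, so single-quoted values are parsed too."""
    fields = {}
    for key, value in FIELD_RE.findall(body):
        if value.startswith("'") and "=" in value:
            inner = value[1:-1]
            fields.update(split_fields(inner))  # lift nested pairs (acct, res, ...)
            fields[key] = inner
        else:
            fields[key] = value.strip('"')
    return fields


def parse_record(line):
    """Return a dict for one raw auditd record, or None if the line is not raw auditd."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    return {
        "type": m.group("type"),
        "ts": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "fields": split_fields(m.group("body")),
    }


def check_file(text):
    """Validate a log file's text. Returns (events, rejected): events maps each
    serial to its list of records in file order; rejected lists (line_no, reason)."""
    events = OrderedDict()
    rejected = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank separator lines are harmless
        rec = parse_record(line)
        if rec is None:
            reason = "not a raw auditd record"
            stripped = line.lstrip()
            if stripped.startswith("{"):
                try:
                    json.loads(stripped)
                    reason = "JSON-formatted record; ship the raw auditd line instead"
                except ValueError:
                    pass
            rejected.append((n, reason))
            continue
        events.setdefault(rec["serial"], []).append(rec)
    return events, rejected


def describe_event(records):
    """One-line summary of an event: serial, record types and the notable fields."""
    merged = {}
    for r in records:
        merged.update(r["fields"])
    summary = {"serial": records[0]["serial"], "types": [r["type"] for r in records]}
    for k in ("comm", "exe", "name", "key", "acct", "addr", "res"):
        if k in merged:
            summary[k] = merged[k]
    return summary


if __name__ == "__main__":
    import sys

    # Usage: python check_auditd.py /var/log/audit/audit.log (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    evs, bad = check_file(text)
    for serial, records in evs.items():
        print(describe_event(records))
    for n, reason in bad:
        print(f"line {n}: {reason}")
```

Run it against a file before shipping it to the shared storage: any rejected line means the file was re-encoded somewhere in your collection path and will not match the expected format.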