The paper mentions that Kairos is agnostic to the audit collection tool and that it should be compatible with linux audit log files.
However, I am struggling to build the parser for such files. Any chance the team has already worked on anything similar? Happy to add such parser myself but would need some guidance on which audit events would map to the nodes and edges that are processed by Kairos.
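As an added illustration of the parsing step the question is about (this is example code written for this thread, not Kairos project code, and the relation names, node keys and edge direction it uses are assumptions for illustration rather than the Kairos schema): auditd writes several records per kernel event, all sharing one `audit(timestamp:serial)` id, so the parser first groups records by serial, then decodes the hex-encoded string fields auditd emits for values containing spaces or control characters, picks the real target among the PATH items (openat lists the PARENT directory first), decodes AF_INET SOCKADDR records, and emits `(subject, relation, object, timestamp)` tuples. The sample log lines are constructed.

```python
"""Group Linux auditd records into events and emit provenance-style edges.
Added example for this thread, not Kairos code; relation vocabulary, node
naming and edge direction are assumptions made for illustration."""
import re
from collections import defaultdict

# x86_64 syscall numbers (arch=c000003e) this example maps to a relation (assumed names).
SYSCALL_RELATION = {0: "READ", 1: "WRITE", 2: "OPEN", 257: "OPEN",  # file access
                    59: "EXECUTE",                                  # execve
                    42: "CONNECT", 44: "SENDTO"}                    # sockets
SOCKET_SYSCALLS = {42, 44}
HEADER = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
HEX_FIELDS = {"name", "comm", "exe", "cwd", "proctitle"}  # auditd hex-encodes these when unquoted

def _decode(key, raw):
    """Quoted values are literal; unquoted name/comm/exe/cwd values are hex-encoded."""
    if raw.startswith('"'):
        return raw.strip('"')
    if key in HEX_FIELDS and len(raw) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw

def parse_record(line):
    """One audit line -> dict of fields, or None if it is not an audit record."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"type": m["type"], "ts": float(m["ts"]), "serial": int(m["serial"])}
    rec.update((k, _decode(k, v)) for k, v in FIELD.findall(m["body"]))
    return rec

def group_events(lines):
    """Records sharing one audit(timestamp:serial) id form one event."""
    events = defaultdict(list)
    for rec in map(parse_record, lines):
        if rec:
            events[rec["serial"]].append(rec)
    return events

def decode_saddr(hexstr):
    """AF_INET sockaddr: 2-byte LE family, 2-byte BE port, 4-byte IPv4; None for other families."""
    b = bytes.fromhex(hexstr)
    if len(b) < 8 or int.from_bytes(b[:2], "little") != 2:
        return None
    return ".".join(str(x) for x in b[4:8]) + ":" + str(int.from_bytes(b[2:4], "big"))

def event_to_edges(records):
    """Return (subject, relation, object, ts) tuples for one grouped event."""
    sc = next((r for r in records if r["type"] == "SYSCALL"), None)
    rel = sc and sc.get("success") == "yes" and SYSCALL_RELATION.get(int(sc["syscall"]))
    if not rel:
        return []  # failed syscalls and unmapped events produce no edge in this example
    subject = f"process:{sc['pid']}:{sc.get('exe', '?')}"
    ts = sc["ts"]
    if int(sc["syscall"]) in SOCKET_SYSCALLS:
        addrs = [decode_saddr(r["saddr"]) for r in records if r["type"] == "SOCKADDR"]
        return [(subject, rel, f"socket:{a}", ts) for a in addrs if a]
    paths = [r for r in records if r["type"] == "PATH"]
    # openat lists the PARENT directory first; the real target is the NORMAL/CREATE item
    target = next((p for p in paths if p.get("nametype") in ("NORMAL", "CREATE")),
                  paths[-1] if paths else None)
    if not target:
        return []
    name = target["name"]
    if not name.startswith("/"):  # relative names resolve against the CWD record
        cwd = next((r["cwd"] for r in records if r["type"] == "CWD"), "")
        name = f"{cwd.rstrip('/')}/{name}"
    obj = f"file:{name}"
    # assumed convention: information flows object -> subject on READ, subject -> object otherwise
    return [(obj, rel, subject, ts) if rel == "READ" else (subject, rel, obj, ts)]

def audit_to_edges(lines):
    events = group_events(lines)
    return [e for serial in sorted(events) for e in event_to_edges(events[serial])]

# Constructed sample (not real host data): a successful openat, a TCP connect,
# an execve of a script whose name contains a space, and a denied open.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffd1c2e a2=0 a3=0 items=2 ppid=1200 pid=1234 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="file_access"
type=CWD msg=audit(1700000000.101:501): cwd="/home/alice"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/" inode=2 dev=fd:00 mode=040755 ouid=0 ogid=0 nametype=PARENT
type=PATH msg=audit(1700000000.101:501): item=1 name="/etc/hosts" inode=1053 dev=fd:00 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=EOE msg=audit(1700000000.101:501):
type=SYSCALL msg=audit(1700000000.250:502): arch=c000003e syscall=42 success=yes exit=0 a0=5 a1=55a1 a2=10 a3=0 items=0 ppid=1200 pid=1300 auid=1000 uid=1000 comm="curl" exe="/usr/bin/curl" key="network"
type=SOCKADDR msg=audit(1700000000.250:502): saddr=020001BBC000020A0000000000000000
type=EOE msg=audit(1700000000.250:502):
type=SYSCALL msg=audit(1700000000.300:503): arch=c000003e syscall=59 success=yes exit=0 a0=1 a1=2 a2=3 a3=0 items=2 ppid=1234 pid=1400 auid=1000 uid=1000 comm=6D7920736372697074 exe="/usr/bin/bash" key="exec"
type=CWD msg=audit(1700000000.300:503): cwd="/tmp"
type=PATH msg=audit(1700000000.300:503): item=0 name=2F746D702F6D7920736372697074 inode=77 dev=fd:00 mode=0100755 ouid=1000 ogid=1000 nametype=NORMAL
type=PATH msg=audit(1700000000.300:503): item=1 name="/usr/lib64/ld-linux-x86-64.so.2" inode=88 dev=fd:00 mode=0100755 ouid=0 ogid=0 nametype=NORMAL
type=EOE msg=audit(1700000000.300:503):
type=SYSCALL msg=audit(1700000000.400:504): arch=c000003e syscall=2 success=no exit=-13 a0=0 a1=0 a2=0 a3=0 items=1 ppid=1200 pid=1234 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="file_access"
type=PATH msg=audit(1700000000.400:504): item=0 name="/etc/shadow" inode=1099 dev=fd:00 mode=0100000 ouid=0 ogid=0 nametype=NORMAL
type=EOE msg=audit(1700000000.400:504):
"""

if __name__ == "__main__":
    for edge in audit_to_edges(SAMPLE_LOG.splitlines()):
        print(edge)
```

Running it on the sample yields three edges (the denied open of `/etc/shadow` is dropped by the `success=yes` filter, which a detection pipeline may or may not want; failed accesses can be worth keeping as their own signal). The `arch` field matters: syscall numbers differ per architecture, so a real parser keys its mapping on `arch` rather than assuming x86_64 as this example does.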