Assuming I have FreeBSD auditd / auditdistd logs... is there any ruleset or process that looks for oddities and can alert? Generally, what is a reasonable way to do security monitoring on #FreeBSD?
cc @stefano