1) Add response audit events
2) Start getting whitelisting in place
3) verify timer services working correctly
Test on live server
4) Support nftables
5) Support IPv6
6) Patch auditctl for new ids rules
7) Should we save state on shutdown and restore on start up?
8) Develop ids rules for more coverage of ATT&CK
9) More sophisticated models
