by lowleveldesign on 10/15/21, 12:05 PM with 1 comment
by lowleveldesign on 10/15/21, 12:06 PM
Yesterday, MS released the first version of Sysmon for Linux and made it open-source (MIT license)[3]. It is based on eBPF. In [4] they show how they use it in Azure to collect events from the Linux VMs.
- [1] https://docs.microsoft.com/en-us/sysinternals/downloads/sysm...
- [2] https://github.com/SwiftOnSecurity/sysmon-config
- [3] https://github.com/Sysinternals/SysmonForLinux
- [4] https://techcommunity.microsoft.com/t5/azure-sentinel/automa...