Microsoft has released a Linux version of its popular IT monitoring tool Sysmon to help IT professionals monitor Linux environments for possible malicious activity and log security events.
Now, Linux users can monitor devices for malicious activity using this popular Windows tool. The company released Sysmon for Linux as an open-source project on GitHub.
In a Tech Community blog, Microsoft says Linux users can use the tool to collect security events from Linux environments using Extended Berkeley Packet Filter (eBPF) and send them to Syslog for easy consumption.
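Because Sysmon for Linux writes each event as an XML `<Event>` document inside a syslog message, consuming its output is mostly a matter of pulling that XML out of the syslog line and reading the `EventData` fields. The following is an added example, not code from Microsoft or the Sysmon project: it parses a few constructed syslog lines (hostnames, PIDs and the provider GUID are placeholders) and applies one simple detection rule, flagging process creations (EventID 1) whose binary lives in a world-writable directory. The message layout assumed here (`sysmon: <Event>...</Event>` with `Data Name="..."` children) follows the Sysmon event schema but is this example's assumption.

```python
"""Parse Sysmon for Linux events carried in syslog and apply a simple rule.

Added example. Sample lines are constructed (placeholder host, PIDs and GUID);
field names follow the Sysmon event schema (EventID 1 = ProcessCreate,
EventID 3 = NetworkConnect).
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample syslog lines, not real captures.
SAMPLE_SYSLOG = [
    'Oct 14 16:40:07 lab-vm sysmon: <Event><System><Provider Name="Linux-Sysmon" '
    'Guid="{00000000-0000-0000-0000-000000000000}"/><EventID>1</EventID>'
    '<Channel>Linux-Sysmon/Operational</Channel><Computer>lab-vm</Computer></System>'
    '<EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 16:40:07.412</Data>'
    '<Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/cat</Data>'
    '<Data Name="CommandLine">cat /etc/hostname</Data><Data Name="User">alice</Data>'
    '<Data Name="ParentImage">/usr/bin/bash</Data></EventData></Event>',
    'Oct 14 16:40:09 lab-vm sysmon: <Event><System><Provider Name="Linux-Sysmon" '
    'Guid="{00000000-0000-0000-0000-000000000000}"/><EventID>1</EventID>'
    '<Channel>Linux-Sysmon/Operational</Channel><Computer>lab-vm</Computer></System>'
    '<EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 16:40:09.101</Data>'
    '<Data Name="ProcessId">4243</Data><Data Name="Image">/tmp/.cache/update</Data>'
    '<Data Name="CommandLine">/tmp/.cache/update</Data><Data Name="User">alice</Data>'
    '<Data Name="ParentImage">/usr/bin/bash</Data></EventData></Event>',
    'Oct 14 16:40:10 lab-vm sysmon: <Event><System><Provider Name="Linux-Sysmon" '
    'Guid="{00000000-0000-0000-0000-000000000000}"/><EventID>3</EventID>'
    '<Channel>Linux-Sysmon/Operational</Channel><Computer>lab-vm</Computer></System>'
    '<EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 16:40:10.250</Data>'
    '<Data Name="ProcessId">4243</Data><Data Name="Image">/usr/bin/curl</Data>'
    '<Data Name="DestinationIp">192.0.2.10</Data><Data Name="DestinationPort">443</Data>'
    '</EventData></Event>',
    # A non-Sysmon syslog line; the parser must skip it rather than fail.
    'Oct 14 16:40:11 lab-vm sshd[911]: Accepted publickey for alice from 192.0.2.5 port 50000',
]

# The XML document starts right after the "sysmon: " program tag.
EVENT_RE = re.compile(r"sysmon: (<Event>.*</Event>)\s*$")

# Directories from which a freshly created process is worth a closer look.
WORLD_WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def parse_event(line):
    """Return a flat dict of the event's fields, or None if the line is not a Sysmon event."""
    match = EVENT_RE.search(line)
    if not match:
        return None
    root = ET.fromstring(match.group(1))
    event = {
        "EventID": int(root.findtext("System/EventID")),
        "Computer": root.findtext("System/Computer"),
    }
    # Each <Data Name="X">value</Data> becomes event["X"] = "value".
    for data in root.iterfind("EventData/Data"):
        event[data.get("Name")] = data.text or ""
    return event


def suspicious(event):
    """Return a reason string if the event matches the rule, else None."""
    if event["EventID"] == 1 and event.get("Image", "").startswith(WORLD_WRITABLE_DIRS):
        return "process executed from world-writable directory: " + event["Image"]
    return None


def scan(lines):
    """Parse every line and return [(event, reason)] for the events that match."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        reason = suspicious(event)
        if reason:
            hits.append((event, reason))
    return hits


if __name__ == "__main__":
    for event, reason in scan(SAMPLE_SYSLOG):
        print(f"{event['Computer']} {event['UtcTime']} pid={event['ProcessId']} "
              f"user={event.get('User', '-')}: {reason}")
```

On a real host the same functions can be fed from the syslog file Sysmon writes to; the rule here is deliberately narrow, and in practice much of this filtering is better pushed into the Sysmon configuration file itself so that only the events you care about reach syslog.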
The company says Sysmon for Linux is built on another newly released library, SysinternalsEBPF, which is itself built on libbpf and includes a library of inline helper functions.
Microsoft details how IT admins can automatically deploy a research lab environment with an Azure Sentinel instance and Linux virtual machines with Sysmon for Linux already installed and configured “to take it for a drive and explore its coverage.”
Bleeping Computer calls Sysmon a Sysinternals tool that monitors a system for malicious activity and logs any detected behavior into system log files.
“Sysmon’s versatility comes from the ability to create custom configuration files that administrators can use to monitor for specific system events that may indicate malicious activity is occurring on the system,” the website reported.
However, unlike the Windows version of the tool, Linux users will have to compile the program themselves and ensure they have all the required dependencies, according to BleepingComputer. Instructions are available on the GitHub page.
Linux users must first install the SysinternalsEBPF project, Bleeping Computer notes.