Microsoft today announced the public preview of the capabilities ανίχνευσης και απόκρισης τελικού σημείου (EDR) σε διακομιστές Linux που χρησιμοποιούν Microsoft Defender Advanced Threat Protection (ATP) – τώρα γνωστό και ως Microsoft Defender για Endpoint.
The procase of EDR capabilities provides security analysts with the ability to detect attacks on Linux servers in near real-time through alerts that are automatically aggregated as incidents based on attacker performance and techniques.
"It simply came to our notice then preventive capabilities against viruses and summary reports available through the Microsoft Defender Security Center, ”said Tomer Hevlin, Senior Product Manager at Microsoft.
Microsoft Defender EDR features for Endpoint Linux provide administrators with:
• Rich exploration experience: including timingletterof the machine, of creating processes, of creation files, network connections, connection events and, of course, the popular advanced “hunt”.
• Optimized performance: Improved CPU usage in editing processes and large software applications.
• AV detections in the environment: just like with Windows, find out where a threat came from and how the malicious process or activity was created.
Support for Linux devices
Microsoft Defender for Endpoint was made available to corporate customers with Linux devices earlier this year, in June.
Endpoint on Linux comes in the form of a command line product that will send all detected threats to the Microsoft Defender Security Center
EDR capabilities are currently available on Linux server distributions supported by Microsoft Defender for Endpoint: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or later LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2.
More information on how to quickly simulate attacks using EDR for Linux can be found here.