Microsoft ATP endpoint detection on Linux

Microsoft today announced the public preview of Endpoint Detection and Response (EDR) capabilities on Linux servers running Microsoft Defender Advanced Threat (ATP) – now also known as Microsoft Defender for Endpoint.

The addition of EDR capabilities allows security analysts to detect attacks on Linux servers almost in real time through alerts that are automatically collected as incidents based on the attacker's performance and techniques.

"It simply came to our notice then preventive capabilities against viruses  and summary reports available through the Microsoft Defender Security Center, ”said Tomer Hevlin, Senior Product Manager at Microsoft.

Microsoft Defender EDR features for Endpoint Linux provide administrators with:

Rich exploration experience: including timingof his of process creation, file creation, network connections, connection events and, of course, the popular advanced “hunting”.
Optimized performance: improved CPU usage in write and long processes software.
AV detections in the environment: just like with Windows, find out where a threat came from and how the malicious process or activity was created.

Support for Linux devices

Microsoft Defender for Endpoint was made available to corporate customers with Linux devices earlier this year, in June.

Endpoint on Linux comes in the form of a command line product that will send all detected threats to the Center of Microsoft Defender

Currently, EDR features are available on Linux server distributions supported by Microsoft Defender for Endpoint: RHEL 7.2+, CentOS Linux 7.2+, 16 LTS or later, SLES 12+, Debian 9+, and Oracle Linux 7.2.

More information on how to quickly simulate attacks using EDR for Linux can be found here.

iGuRu.gr The Best Technology Site in Greecefgns

every post, directly to your

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).