Microsoft has ported Sysmon to Linux and made it open source

Microsoft has ported the Sysmon (System Monitor) activity-monitoring service to the Linux platform. To monitor activity on Linux, the eBPF subsystem is used, which allows handlers to run at the level of the operating-system kernel. The SysinternalsEBPF library is developed separately and includes the functions used to build BPF monitors for tracking events in the system. The toolkit's code is released under the MIT license, and the BPF programs are under the GPLv2 license. The packages.microsoft.com repository contains ready-made RPM and DEB packages suitable for popular Linux distributions.

Sysmon allows you to keep a log with detailed information about process creation and termination, network connections and file manipulation. The log stores not only general information but also details important for analysing security events, such as the name of the parent process, hashes of the contents of executable files, information about dynamic libraries, information about file creation/access/modification/deletion times, and data about direct access by processes to block devices. To reduce the amount of logged data, filters can be configured. The log can be stored via standard Syslog.
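As an added example (not code from the article or from the Sysmon project), the following Python snippet shows how a defender might consume the Syslog output described above: it extracts the Sysmon XML event from each syslog line and flags process-creation events whose executable lives in a world-writable directory. The log lines are constructed, and the assumed field layout (event ID 1 for process creation, 3 for network connections, `Data Name="Image"`/`ParentImage`/`Hashes`) follows Sysmon's event schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample syslog lines in the shape Sysmon for Linux emits
# (an <Event> XML document after the "sysmon:" tag). Paths and hashes
# are made up; the field names follow Sysmon's event schema (assumed).
SAMPLE_LOG = """\
Oct  3 10:15:02 host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System><EventData><Data Name="Image">/usr/bin/curl</Data><Data Name="CommandLine">curl https://example.invalid/</Data><Data Name="ParentImage">/bin/bash</Data><Data Name="Hashes">SHA256=0000000000000000000000000000000000000000000000000000000000000001</Data></EventData></Event>
Oct  3 10:15:03 host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID></System><EventData><Data Name="Image">/usr/bin/curl</Data><Data Name="DestinationIp">192.0.2.10</Data><Data Name="DestinationPort">443</Data></EventData></Event>
Oct  3 10:15:04 host sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System><EventData><Data Name="Image">/tmp/.x/updater</Data><Data Name="CommandLine">/tmp/.x/updater</Data><Data Name="ParentImage">/usr/bin/curl</Data><Data Name="Hashes">SHA256=0000000000000000000000000000000000000000000000000000000000000002</Data></EventData></Event>
"""

# The XML event follows the "sysmon:" syslog tag on a single line.
EVENT_RE = re.compile(r"sysmon: (<Event>.*</Event>)")


def parse_line(line):
    """Return (event_id, {data name: value}) for one syslog line, or None if it is not a Sysmon event."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    root = ET.fromstring(m.group(1))
    event_id = int(root.findtext("System/EventID"))
    # Flatten <Data Name="..."> elements into a plain dict for easy lookup.
    data = {d.get("Name"): (d.text or "") for d in root.iter("Data")}
    return event_id, data


def suspicious_process_creates(log_text, writable_dirs=("/tmp/", "/dev/shm/", "/var/tmp/")):
    """Flag process-create events (ID 1) whose executable lives in a world-writable directory."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        event_id, data = parsed
        image = data.get("Image", "")
        if event_id == 1 and image.startswith(writable_dirs):
            # Keep the parent and hash so an analyst can pivot on them.
            hits.append({"image": image, "parent": data.get("ParentImage"), "hashes": data.get("Hashes")})
    return hits


if __name__ == "__main__":
    for hit in suspicious_process_creates(SAMPLE_LOG):
        print(hit)
```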

Source: opennet.ru
