Microsoft has ported Sysmon to Linux and released it as open source

Microsoft has ported the Sysmon system activity monitoring service to the Linux platform. Activity on Linux is tracked through the eBPF subsystem, which lets the monitoring handlers run at the kernel level of the operating system. The SysinternalsEBPF library is developed as a separate project and provides helper functions for building the BPF handlers that generate system monitoring events. The toolkit code is released under the MIT license, while the BPF programs themselves are under GPLv2. The packages.microsoft.com repository carries ready-built RPM and DEB packages for popular Linux distributions.

Sysmon keeps a detailed log of process creation and termination, network connections and file modifications. Beyond the basic facts of each event, the log records details that matter when analysing security incidents: the parent process name, hashes of the contents of executable files, the dynamic libraries a process loads, file creation / access / modification / deletion times, and raw (direct) access by processes to block devices. To keep the volume of recorded data down, filters can be configured so that only events of interest are written. The log is delivered through the standard Syslog facility.
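Because Sysmon on Linux hands its events to Syslog as XML, the first thing a practitioner usually writes is a small consumer that turns those lines into structured events and applies a rule or two. The following is an added example, not code from Microsoft's Sysmon or from the opennet.ru article: it parses constructed Syslog lines carrying Sysmon `<Event>` documents, extracts the fields the paragraph above mentions (parent image, `Hashes`, user, command line), and flags a shell spawned by a web server and a known-bad SHA256. The `sysmon:` Syslog prefix, the exact XML layout of the sample lines, the set of shell and web-server paths and the hash blocklist are all assumptions made for the example; the `Data Name="..."` field names are Sysmon's standard event-data names.

```python
"""Consume Sysmon-for-Linux events from Syslog and flag suspicious process creation.

Added example; not part of Sysmon or the article. The sample log lines below are
constructed, and the syslog prefix / XML layout are assumptions for illustration.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample Syslog lines (not captured from a real host).
# Line 1: EventID 1 (ProcessCreate), bash spawned by apache2 -> suspicious.
# Line 2: EventID 1, bash spawned by sshd -> expected interactive login, benign.
# Line 3: EventID 1, binary in /tmp whose SHA256 is on the constructed blocklist.
# Line 4: EventID 3 (NetworkConnect), ignored by the process rules.
# Line 5: an unrelated cron line, which the parser must skip.
SAMPLE_SYSLOG = """\
Oct 14 10:00:01 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System><EventData><Data Name="UtcTime">2021-10-14 10:00:01.000</Data><Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">bash -c id</Data><Data Name="User">www-data</Data><Data Name="Hashes">SHA256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</Data><Data Name="ParentProcessId">1200</Data><Data Name="ParentImage">/usr/sbin/apache2</Data></EventData></Event>
Oct 14 10:00:05 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System><EventData><Data Name="UtcTime">2021-10-14 10:00:05.000</Data><Data Name="ProcessId">4250</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">-bash</Data><Data Name="User">alice</Data><Data Name="Hashes">SHA256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</Data><Data Name="ParentProcessId">4249</Data><Data Name="ParentImage">/usr/sbin/sshd</Data></EventData></Event>
Oct 14 10:00:09 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System><EventData><Data Name="UtcTime">2021-10-14 10:00:09.000</Data><Data Name="ProcessId">4260</Data><Data Name="Image">/tmp/.x/update</Data><Data Name="CommandLine">/tmp/.x/update</Data><Data Name="User">alice</Data><Data Name="Hashes">SHA256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef</Data><Data Name="ParentProcessId">4250</Data><Data Name="ParentImage">/usr/bin/bash</Data></EventData></Event>
Oct 14 10:00:10 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID></System><EventData><Data Name="Image">/tmp/.x/update</Data><Data Name="DestinationIp">192.0.2.10</Data><Data Name="DestinationPort">4444</Data></EventData></Event>
Oct 14 10:01:00 web01 CRON[500]: (root) CMD (run-parts /etc/cron.hourly)
"""

EVENT_RE = re.compile(r"<Event[^>]*>.*</Event>")

# Assumed policy for the example: shells that should not be children of web servers,
# and a constructed SHA256 blocklist (the value is obviously synthetic).
WEB_SERVERS = {"/usr/sbin/apache2", "/usr/sbin/httpd", "/usr/sbin/nginx"}
SHELLS = {"/bin/sh", "/usr/bin/sh", "/bin/bash", "/usr/bin/bash", "/usr/bin/dash"}
KNOWN_BAD_SHA256 = {"deadbeef" * 8}


def _local(tag):
    """Strip an XML namespace prefix, so '{ns}EventID' and 'EventID' match alike."""
    return tag.rsplit("}", 1)[-1]


def parse_event(line):
    """Return a dict of the Sysmon event embedded in a Syslog line, or None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    root = ET.fromstring(m.group(0))
    event = {}
    for el in root.iter():
        name = _local(el.tag)
        if name == "EventID":
            event["event_id"] = int(el.text)
        elif name == "Data" and el.get("Name"):
            event[el.get("Name")] = el.text or ""
    return event


def parse_hashes(field):
    """Split Sysmon's 'ALGO=hex,ALGO=hex' Hashes field into {ALGO: hex}."""
    hashes = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            hashes[algo.strip().upper()] = value.strip().lower()
    return hashes


def find_alerts(syslog_text):
    """Apply the two example rules to every ProcessCreate (EventID 1) event."""
    alerts = []
    for line in syslog_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("event_id") != 1:
            continue
        reasons = []
        if ev.get("ParentImage") in WEB_SERVERS and ev.get("Image") in SHELLS:
            reasons.append("shell spawned by web server")
        if parse_hashes(ev.get("Hashes", "")).get("SHA256") in KNOWN_BAD_SHA256:
            reasons.append("known-bad SHA256")
        if reasons:
            alerts.append({
                "utc": ev.get("UtcTime"), "pid": ev.get("ProcessId"),
                "user": ev.get("User"), "image": ev.get("Image"),
                "parent": ev.get("ParentImage"), "cmdline": ev.get("CommandLine"),
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_SYSLOG):
        print(f"{alert['utc']} pid={alert['pid']} user={alert['user']} "
              f"{alert['parent']} -> {alert['image']}: {', '.join(alert['reasons'])}")
```

The parser is namespace-agnostic on purpose: the Windows Sysmon XML carries an `xmlns`, and if the Linux port's output does the same, `_local` keeps the field lookup working. Run it against `/var/log/syslog` (or `journalctl -o cat`) instead of `SAMPLE_SYSLOG` to try the rules on a real host, and tune the path sets and blocklist to your environment.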

Source: opennet.ru