Microsoft has released Sysmon for Linux and made it open source

Microsoft has released a Linux port of its Sysmon system activity monitoring service. On Linux, monitoring is built on the eBPF subsystem, which lets the handlers run at the operating system kernel level. The SysinternalsEBPF library, developed as a separate project, bundles helper functions for building the BPF handlers that observe system events. The toolkit's code is released under the MIT license, and the BPF programs under GPLv2. The packages.microsoft.com repository provides ready-made RPM and DEB packages for popular Linux distributions.

Sysmon lets you keep a log with detailed information about process creation and termination, network connections and file modifications. Besides the usual details, the log records information that is useful when analyzing security incidents: the parent process name, hashes of the executable file contents, information about loaded dynamic libraries, file creation/access/modification/deletion times, and data about direct access by processes to block devices. Filters can be configured to reduce the volume of recorded data. The log can be written through the standard Syslog facility.
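The paragraph above lists what ends up in the log (parent process, executable hashes, network connections) and that it is written through Syslog. The script below, an added example that is not part of the original article or of Microsoft's Sysmon code, shows how a defender would read those syslog lines back: it extracts the XML event from each line, turns the `EventID` and `Data` fields into a dictionary, and correlates network connection events (EventID 3) with the process creation event (EventID 1) of the same PID so that each outbound connection is annotated with the image, parent image, user and SHA256 hash of the process that made it. The sample log lines are constructed for this example; the field names (`Image`, `ParentImage`, `Hashes`, `DestinationIp`, ...) are assumed to follow the Sysmon event schema, and the exact syslog prefix on a real host will differ.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# Constructed sample lines in the shape of Sysmon-for-Linux syslog output.
# Assumption: field names follow the Sysmon schema; hashes, IPs and hosts are made up.
SAMPLE_LOG = """\
Oct 15 10:00:01 host1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>host1</Computer></System><EventData><Data Name="UtcTime">2021-10-15 10:00:01.100</Data><Data Name="ProcessId">1234</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="CommandLine">curl http://example.invalid/x</Data><Data Name="User">alice</Data><Data Name="ParentProcessId">1200</Data><Data Name="ParentImage">/usr/bin/bash</Data><Data Name="Hashes">SHA256=0000000000000000000000000000000000000000000000000000000000000001</Data></EventData></Event>
Oct 15 10:00:02 host1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Computer>host1</Computer></System><EventData><Data Name="UtcTime">2021-10-15 10:00:02.200</Data><Data Name="ProcessId">1234</Data><Data Name="Image">/usr/bin/curl</Data><Data Name="DestinationIp">203.0.113.5</Data><Data Name="DestinationPort">80</Data></EventData></Event>
Oct 15 10:00:03 host1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Computer>host1</Computer></System><EventData><Data Name="UtcTime">2021-10-15 10:00:03.300</Data><Data Name="ProcessId">1300</Data><Data Name="Image">/usr/bin/python3</Data><Data Name="CommandLine">python3 -c print(1)</Data><Data Name="User">www-data</Data><Data Name="ParentProcessId">900</Data><Data Name="ParentImage">/usr/sbin/apache2</Data><Data Name="Hashes">SHA256=0000000000000000000000000000000000000000000000000000000000000002</Data></EventData></Event>
Oct 15 10:00:04 host1 systemd[1]: Started something unrelated.
"""


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as '{http://...}Event' down to 'Event'."""
    return tag.rsplit("}", 1)[-1]


def parse_hashes(value: str) -> Dict[str, str]:
    """Turn 'SHA256=...,MD5=...' into {'SHA256': '...', 'MD5': '...'}."""
    out = {}
    for part in value.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip()] = digest.strip()
    return out


def parse_sysmon_line(line: str) -> Optional[Dict]:
    """Extract the Sysmon XML event from one syslog line; None for non-Sysmon lines."""
    start = line.find("<Event")
    if start < 0:
        return None
    try:
        root = ET.fromstring(line[start:])
    except ET.ParseError:
        return None
    if _local(root.tag) != "Event":
        return None
    event: Dict = {}
    for el in root.iter():
        name = _local(el.tag)
        if name == "EventID":
            event["EventID"] = int(el.text)
        elif name == "Computer":
            event["Computer"] = el.text
        elif name == "Data" and el.get("Name"):
            event[el.get("Name")] = el.text or ""
    if "Hashes" in event:
        event["Hashes"] = parse_hashes(event["Hashes"])
    return event


def parse_log(text: str) -> List[Dict]:
    """Parse every line of a syslog excerpt, keeping only Sysmon events."""
    events = [parse_sysmon_line(line) for line in text.splitlines()]
    return [e for e in events if e is not None]


def process_creates_by_parent(events: List[Dict], parent_image: str) -> List[Dict]:
    """Process creation events (EventID 1) whose parent image matches exactly."""
    return [e for e in events
            if e.get("EventID") == 1 and e.get("ParentImage") == parent_image]


def network_connections_with_origin(events: List[Dict]) -> List[Dict]:
    """Join each network connection (EventID 3) to the creation event of the same PID."""
    creates = {e["ProcessId"]: e for e in events if e.get("EventID") == 1}
    joined = []
    for e in events:
        if e.get("EventID") != 3:
            continue
        origin = creates.get(e.get("ProcessId"), {})
        joined.append({
            "Image": e.get("Image"),
            "ParentImage": origin.get("ParentImage"),
            "User": origin.get("User"),
            "SHA256": origin.get("Hashes", {}).get("SHA256"),
            "DestinationIp": e.get("DestinationIp"),
            "DestinationPort": e.get("DestinationPort"),
        })
    return joined


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for conn in network_connections_with_origin(evs):
        print(conn)
    for child in process_creates_by_parent(evs, "/usr/sbin/apache2"):
        print("spawned by web server:", child["Image"], child.get("CommandLine"))
```

The join on `ProcessId` is what makes the hash and parent image available at the moment a connection is seen, which is the usual starting point for triage; on a real host the same lookup should also key on `UtcTime` or a process GUID, because PIDs are reused.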

Source: opennet.ru
