Oct 14, 2021

New Blog Post | Automating the deployment of Sysmon for Linux & Azure Sentinel in a lab environment

Automating the deployment of Sysmon for Linux :penguin: and Azure Sentinel in a lab environment 🧪 - Microsoft Tech Community

Today, we celebrate 25 years of Sysinternals, a set of utilities to analyze, troubleshoot and optimize Windows systems and applications. As part of this special anniversary, we are also releasing Sysmon for Linux, an open-source system monitor tool developed to collect security events from Linux environments using eBPF (Extended Berkeley Packet Filter) and send them to syslog for easy consumption. Sysmon for Linux is built on a library also released today named sysinternalsEBPF, which is built on libbpf and includes a library of eBPF inline functions used as helpers.

In this post, we will show you how to automatically deploy a research lab environment with an Azure Sentinel instance and a few Linux virtual machines with Sysmon for Linux already installed and configured, so you can take it for a test drive and explore it.
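Once Sysmon for Linux is writing to syslog, the first thing you will want in a lab is something that pulls the events back out and runs a detection over them. The following is an added example, not code from the blog post or from the Sysmon project: it parses the one-line `<Event>...</Event>` XML payloads that Sysmon for Linux emits into syslog and flags a shell spawned by a web server process (Event ID 1) or a shell opening an outbound connection (Event ID 3). The sample syslog lines are constructed for this example; the `sysmon:` syslog tag, the host names, the parent-process list and the `Data Name="..."` field names are assumptions based on the Sysmon event schema and may need adjusting to match the output of your own configuration.

```python
"""Parse Sysmon for Linux syslog lines and apply a simple detection.

Each Sysmon for Linux event arrives in syslog as a single line whose message
is a Windows-event-style XML document: <Event><System>...</System>
<EventData><Data Name="...">...</Data></EventData></Event>.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines shaped like /var/log/syslog entries. The "sysmon:"
# ident, host names, PIDs and IPs are made up for this example.
SAMPLE_SYSLOG = """\
Oct 14 10:00:01 lab-vm1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Channel>Linux-Sysmon/Operational</Channel><Computer>lab-vm1</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:00:01.000</Data><Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">bash -i</Data><Data Name="User">www-data</Data><Data Name="ParentImage">/usr/sbin/apache2</Data><Data Name="ParentCommandLine">/usr/sbin/apache2 -k start</Data></EventData></Event>
Oct 14 10:00:02 lab-vm1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>3</EventID><Channel>Linux-Sysmon/Operational</Channel><Computer>lab-vm1</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:00:02.000</Data><Data Name="ProcessId">4242</Data><Data Name="Image">/usr/bin/bash</Data><Data Name="User">www-data</Data><Data Name="Protocol">tcp</Data><Data Name="SourceIp">10.0.0.4</Data><Data Name="SourcePort">51234</Data><Data Name="DestinationIp">10.0.0.5</Data><Data Name="DestinationPort">4444</Data></EventData></Event>
Oct 14 10:00:03 lab-vm1 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID><Channel>Linux-Sysmon/Operational</Channel><Computer>lab-vm1</Computer></System><EventData><Data Name="UtcTime">2021-10-14 10:00:03.000</Data><Data Name="ProcessId">4300</Data><Data Name="Image">/usr/bin/ls</Data><Data Name="CommandLine">ls -la</Data><Data Name="User">azureuser</Data><Data Name="ParentImage">/usr/bin/bash</Data><Data Name="ParentCommandLine">-bash</Data></EventData></Event>
Oct 14 10:00:04 lab-vm1 systemd[1]: Started Session 5 of user azureuser.
"""

# Message must come from the assumed "sysmon" syslog ident and carry a whole
# <Event> document; anything else (other daemons, truncated lines) is skipped.
SYSLOG_RE = re.compile(r"\bsysmon(?:\[\d+\])?:\s*(<Event[ >].*</Event>)\s*$")

# Shells and network-facing parents used by the detection. Assumed lists;
# extend them for the services present in your own lab.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash",
          "/usr/bin/sh", "/usr/bin/bash", "/usr/bin/dash"}
SERVICE_PARENTS = {"/usr/sbin/apache2", "/usr/sbin/nginx", "/usr/sbin/php-fpm7.4"}


@dataclass
class SysmonEvent:
    event_id: int
    computer: str
    data: Dict[str, str]  # EventData <Data Name="..."> values


def _local(tag: str) -> str:
    """Strip any XML namespace ({ns}tag -> tag) so lookups work either way."""
    return tag.rsplit("}", 1)[-1]


def parse_event_xml(xml_text: str) -> SysmonEvent:
    """Turn one <Event> document into a SysmonEvent."""
    root = ET.fromstring(xml_text)
    event_id, computer, data = -1, "", {}
    for elem in root.iter():
        name = _local(elem.tag)
        if name == "EventID":
            event_id = int(elem.text or -1)
        elif name == "Computer":
            computer = elem.text or ""
        elif name == "Data" and "Name" in elem.attrib:
            data[elem.attrib["Name"]] = elem.text or ""
    return SysmonEvent(event_id, computer, data)


def parse_syslog_line(line: str) -> Optional[SysmonEvent]:
    """Return the event on a syslog line, or None if it is not a Sysmon event."""
    m = SYSLOG_RE.search(line)
    if not m:
        return None
    try:
        return parse_event_xml(m.group(1))
    except ET.ParseError:
        return None  # malformed payload: skip rather than stop the pipeline


def parse_syslog(text: str) -> List[SysmonEvent]:
    return [e for e in (parse_syslog_line(ln) for ln in text.splitlines()) if e]


def detect(events: List[SysmonEvent]) -> List[str]:
    """Two lab detections: shell from a service, and shell talking to the network."""
    alerts = []
    for e in events:
        d = e.data
        if e.event_id == 1 and d.get("Image") in SHELLS and d.get("ParentImage") in SERVICE_PARENTS:
            alerts.append(f"{e.computer}: shell {d['Image']} spawned by {d['ParentImage']} "
                          f"as {d.get('User')} (pid {d.get('ProcessId')})")
        elif e.event_id == 3 and d.get("Image") in SHELLS:
            alerts.append(f"{e.computer}: shell {d['Image']} connected to "
                          f"{d.get('DestinationIp')}:{d.get('DestinationPort')}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_syslog(SAMPLE_SYSLOG)):
        print(alert)
```

On the constructed input this reports two alerts (the `bash -i` spawned by `apache2`, and the same shell's connection to port 4444) and ignores the `ls` run from an interactive session and the unrelated `systemd` line. To run it against a real host, replace `SAMPLE_SYSLOG` with the contents of `/var/log/syslog` (or the journal export your distribution uses) and check that the ident in `SYSLOG_RE` matches what your Sysmon for Linux install actually writes.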
