Jeff Walzer
Iron Contributor
Oct 12, 2021
Solved

MDE for Linux and audit logs

Just confirming that MDE for Linux will ingest events from the audit logs based on the following statement from Microsoft's documentation: System events captured by rules added to /etc/audit/rules....
  • Daniel Simpson
    Oct 12, 2021
    You are correct. MDE for Linux leverages and configures auditd rules on the device for the purpose of providing EPP & EDR functionality. Thank you!
