Forum Discussion

Jeff Walzer's avatar
Jeff Walzer
Iron Contributor
Oct 12, 2021
Solved

MDE for Linux and audit logs

Just confirming that MDE for Linux will ingest events from the audit logs based on the following statement from Microsoft's documentation: System events captured by rules added to /etc/audit/rules....
endpoint
linux
  • Daniel Simpson's avatar
    Daniel Simpson
    Oct 12, 2021
    You are correct. MDE for Linux leverages and configures auditd rules on the device for the purpose of providing EPP & EDR functionality. Thank you!
Daniel Simpson's avatar
Daniel Simpson
Icon for Microsoft rankMicrosoft
Oct 12, 2021
You are correct. MDE for Linux leverages and configures auditd rules on the device for the purpose of providing EPP & EDR functionality. Thank you!
Jeff Walzer's avatar
Jeff Walzer
Iron Contributor
Oct 13, 2021
TYVM for the reply

Resources