Forum Discussion

danggIT
Copper Contributor
Feb 21, 2020

Public Preview for MD ATP for Linux

Hi Microsoft Community - Yesterday's blog officially announced public preview for MDATP for Linux.

https://www.microsoft.com/security/blog/2020/02/20/microsoft-threat-protection-intelligence-automation/?irgwc=1&OCID=AID2000142_aff_7794_1246483&tduid=%28ir__hdhb0ypbukkftlhekk0sohz3xm2xlt1p1gqwjkc000&irgwc=1&OCID=AID2000142_aff_7593_159229&tduid=(ir__ezfojkpqzokftw32kk0sohznxn2xltu0ulhhg6sl00)(7593)(159229)()(UUwpUdUnU75053YYwYg)&irclickid=_ezfojkpqzokftw32kk0sohznxn2xltu0ulhhg6sl00

I'm very interested in testing this functionality out for my enterprise. Can anyone let me know if further documentation has been published on this or if anything special is required to gain access to the public preview?

In Security Center Onboarding I only see instructions for MacOS or "other OS via 3rd party".

I'm starting to look at Sentinel One, but Ziften Zenith seems to be dormant. I haven't been able to get through to anyone via their demo scheduling pipeline or their main phone number.

4 Replies

  • h-yamane
    Copper Contributor

    Hi danggIT,

    I've installed MD ATP for Linux on my Debian testing (will be Debian11 "bullseye") machine.

    Installation is fine, but I got a lot of error messages from time to time, such as:

    [{microsoft_defender_core}]: [933][2020-03-13 23:13:35.329940 UTC][error]: {"code":{"key":"generic","value":9},"call_stack":{"frames":[{"file":"event_provider_request.cpp","line":32}]},"context":["/lib/x86_64-linux-gnu/libutil-2.29.so"]}
    [{microsoft_defender_core}]: [933][2020-03-13 23:14:04.423376 UTC][error]: {"code":{"key":"generic","value":9},"call_stack":{"frames":[{"file":"event_provider_request.cpp","line":32}]},"context":["/lib/x86_64-linux-gnu/libc-2.29.so"]}
    [{microsoft_defender_core}]: [933][2020-03-13 23:14:30.544355 UTC][error]: {"code":{"key":"generic","value":9},"call_stack":{"frames":[{"file":"event_provider_request.cpp","line":32}]},"context":["/lib/x86_64-linux-gnu/libdl-2.29.so"]}

    I know it does not support Debian11 officially, but I hope it would work as well as other Debian versions. Please let me know if you want more information to investigate this issue, thanks.

  • Sentry23
    Copper Contributor

    danggIT So far I'm deploying manually to some Debian systems with this instruction:

    https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually

    A nearly EOL Debian Jessie install gave some headaches on a libc dependency, but it worked without issues on later versions.

    I'm just wondering if I have some firewall issue somewhere as I'm not seeing alerts and timeline show up in the portal, even though health and connectivity status show OK on the systems.

    • danggIT
      Copper Contributor

      Sentry23 

      Thanks for the info. I got in touch with my MS TAM after posting this and a few days later they pointed me to the new documentation you referenced. I'm currently working with my Linux team to get it deployed on a test machine for Ubuntu. Will update with any feedback.