Microsoft Tech Community

New Blog Post | Automating the deployment of Sysmon for Linux & Azure Sentinel in a lab environment

Microsoft


Today, we celebrate 25 years of Sysinternals, a set of utilities to analyze, troubleshoot and optimize Windows systems and applications. As part of this special anniversary, we are also releasing Sysmon for Linux, an open-source system monitor tool developed to collect security events from Linux environments using eBPF (Extended Berkeley Packet Filter) and send them to Syslog for easy consumption. Sysmon for Linux is built on a library also released today, named sysinternalsEBPF, which is built on libbpf and includes a library of eBPF inline functions used as helpers.

In this post, we will show you how to automatically deploy a research lab environment with an Azure Sentinel instance and a few Linux virtual machines with Sysmon for Linux already installed and configured, so you can take it for a drive and explore it.

Original Post: New Blog Post | Automating the deployment of Sysmon for Linux & Azure Sentinel in a lab environment ...