endpoint
1 Topic

MDE for Linux and audit logs
Just confirming that MDE for Linux will ingest events from the audit logs based on the following statement from Microsoft's documentation: "System events captured by rules added to /etc/audit/rules.d/ will add to audit.log..." We need to monitor file access and our Linux admin has configured the audit rules to record that information and with that, I just want to verify that the MDE for Linux agent will ingest those events. Thx

Solved | 4.9K Views | 0 likes | 4 Comments