linux
3 Topics

MDE for Linux and audit logs
Just confirming that MDE for Linux will ingest events from the audit logs based on the following statement from Microsoft's documentation: System events captured by rules added to /etc/audit/rules.d/ will add to audit.log... We need to monitor file access and our Linux admin has configured the audit rules to record that information and with that, I just want to verify that the MDE for Linux agent will ingest those events. Thx
Solved | 4.7K Views | 0 likes | 4 Comments

WSL CommandLine Support
I noticed while doing some Advanced Hunting in MDATP that there is some visibility into processes executed via WSL. But the ProcessCommandLines are all blank; we can only see the process name. Will CommandLine visibility for WSL processes be added in the future?
1.1K Views | 0 likes | 0 Comments