Oct 12 2021 05:46 AM
Just confirming that MDE for Linux will ingest events from the audit logs based on the following statement from Microsoft's documentation:
System events captured by rules added to /etc/audit/rules.d/ will add to audit.log...
We need to monitor file access, and our Linux admin has configured the audit rules to record that information. With that, I just want to verify that the MDE for Linux agent will ingest those events.
Thx
Oct 12 2021 10:28 AM
Oct 12 2021 01:19 PM