# Enabling Linux Analysis

~~Linux analysis enables full visibility of Linux systems. The Linux analysis module discovers activities inside a Linux system by collecting and analyzing processes running, user creation, commands executed, login activity, and scheduled entries.~~

~~To enable Linux Analysis:~~

1. ~~Define an SSH user who has root privileges on Linux systems by navigating  Settings & Reporting --> Credential Settings --> Remote Credential. Click  "+Credential," and define the credential as shown below.~~

<figure><img src="/files/JdmDqvT77ANvlr5PZmd7" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/SYR7OfWtmAYoEtYVWdRK" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
~~Use for enumeration should be enabled for this user to enumerate discovered devices as Linux. Discovered devices are automatically classified as Linux if a defined SSH user can connect them.~~
{% endhint %}

~~2.  To enable the Linux Analysis policies, go to Policy & Rules -> Policy Management --> Policy Rules. Click the "+Policy" button, and select Module  as "Linux Artifacts" and Event as "Linux Discovery."~~

<figure><img src="/files/RJY1DSdmFfV92KuJpYj9" alt=""><figcaption></figcaption></figure>

~~3. Bind the policy to the group to activate your policy. Go to  Policy & Rules -> Policy Management -> Group Management and select the group for editing and bind the policy.~~

<figure><img src="/files/AH1xk5L9wrCM0Eua5qRp" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/foyIcu0NS9EPmdX23GER" alt=""><figcaption></figcaption></figure>

~~The system automatically activates the policy, and information from Linux devices is collected at every interval defined in the policy.~~&#x20;

~~4. To analyze the collected information from Linux devices, go to Threat Hunting --> Analysis & Investigation and select one of the Linux-related menus from the top of the page.~~

<figure><img src="/files/ULcgFgAowwgKA9KTHqRV" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/getting-started/configuring-modules/network-security/enabling-linux-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.