Enabling Linux Analysis
The Linux analysis module is currently being updated; when the module is updated, this section will be updated as well.
Linux analysis enables full visibility of Linux systems. The Linux analysis module discovers activities inside a Linux system by collecting and analyzing running processes, user creation, executed commands, login activity, and scheduled entries.
To enable Linux Analysis:
1. Define an SSH user who has root privileges on Linux systems by navigating to Settings & Reporting --> Credential Settings --> Remote Credential. Click "+Credential," and define the credential as shown below.
2. To enable the Linux Analysis policies, go to Policy & Rules --> Policy Management --> Policy Rules. Click the "+Policy" button, and select Module as "Linux Artifacts" and Event as "Linux Discovery."
3. Bind the policy to the group to activate your policy. Go to Policy & Rules --> Policy Management --> Group Management, select the group for editing, and bind the policy.
The system automatically activates the policy, and information from Linux devices is collected at every interval defined in the policy.
4. To analyze the collected information from Linux devices, go to Threat Hunting --> Analysis & Investigation and select one of the Linux-related menus from the top of the page.