Microsoft is extending Microsoft Defender for Endpoint support to all platforms. According to the announcement, the solution can be deployed and configured with Puppet, Ansible, or an existing Linux configuration management tool. The full set of Microsoft Defender EDR capabilities is supported across the following popular Linux server distributions:
- RHEL 7.2+
- CentOS Linux 7.2+
- Ubuntu 16 LTS, or higher LTS
- SLES 12+
- Debian 9+
- Oracle Linux 7.2
Detections with context
With the newly launched EDR support, users can view detections with richer context. The timeline tab provides information about process creation, network connections, file creations, and login events.
Microsoft also introduced the advanced hunting tool, which allows users to perform free-form investigations using a powerful query engine and an ever-growing set of useful shared queries. Users can search for threats across Linux servers with it, exploring up to 30 days of raw data. The architecture also enables custom detections built on top of the advanced hunting capabilities.
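As an added example (not from the announcement), the following advanced hunting query uses the standard Defender for Endpoint schema tables to look back over the full 30-day window on Linux servers for shell or script interpreters launched under a web-server service account, which is a common sign of web-shell activity; the service-account names are assumptions for illustration, and the query can be saved as a custom detection.

```kql
// Added example: hunt for interpreters spawned under web-server accounts
// on Linux servers over the full 30-day advanced hunting window.
// Table and column names follow the standard advanced hunting schema;
// the interpreter and account name lists are assumptions for illustration.
let LinuxDevices =
    DeviceInfo
    | where Timestamp > ago(30d)
    | where OSPlatform == "Linux"
    | distinct DeviceId;
DeviceProcessEvents
| where Timestamp > ago(30d)
| where DeviceId in (LinuxDevices)
// shells and scripting interpreters a web server should rarely launch
| where FileName in~ ("bash", "sh", "dash", "python", "python3", "perl")
// assumed service accounts used by common Linux web servers
| where AccountName in~ ("www-data", "apache", "nginx")
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine,
          InitiatingProcessFileName, InitiatingProcessCommandLine
| order by Timestamp desc
```

Tune the account and interpreter lists to the environment before turning the query into a custom detection, so that legitimate cron or deployment scripts run by those accounts do not generate noise.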