

Events generated by the audit rules that Microsoft Defender for Endpoint on Linux installs are tagged with the `mdatp` key. The rules it adds under /etc/audit/rules.d/ cause additional system events to be written to the audit.log file(s), which can increase host audit volume and affect upstream log collection.
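
To gauge how much of the audit volume the `mdatp` rules contribute, the following added example (not part of the Microsoft documentation) counts audit.log records per key. The log lines are constructed samples in auditd's raw format; the function and variable names are assumptions.

```shell
#!/bin/sh
# Constructed sample of raw auditd records; the trailing key field is what the
# Defender rules set to "mdatp". Not a real capture.
SAMPLE_LOG='type=SYSCALL msg=audit(1700000000.101:1001): arch=c000003e syscall=59 success=yes exit=0 key="mdatp"
type=SYSCALL msg=audit(1700000000.102:1002): arch=c000003e syscall=2 success=yes exit=3 key="mdatp"
type=SYSCALL msg=audit(1700000000.103:1003): arch=c000003e syscall=2 success=no exit=-13 key="access"
type=LOGIN msg=audit(1700000000.104:1004): pid=4321 uid=0 old-auid=4294967295 key=(null)
type=SYSCALL msg=audit(1700000000.105:1005): arch=c000003e syscall=59 success=yes exit=0 key="mdatp"'

# count_key KEY: read raw audit records on stdin and print how many carry key="KEY".
# The key field is located by name rather than by position, because the number of
# fields preceding it varies by record type.
count_key() {
    awk -v want="$1" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^key=/) {
                    k = $i
                    sub(/^key="?/, "", k)   # strip key= and optional opening quote
                    sub(/"$/, "", k)        # strip closing quote; key=(null) is left as is
                    if (k == want) n++
                }
            }
        }
        END { print n + 0 }'
}

# mdatp_share: integer percentage of records in SAMPLE_LOG tagged with key="mdatp".
mdatp_share() {
    total=$(printf '%s\n' "$SAMPLE_LOG" | wc -l)
    tagged=$(printf '%s\n' "$SAMPLE_LOG" | count_key mdatp)
    echo $(( tagged * 100 / total ))
}

printf '%s\n' "$SAMPLE_LOG" | count_key mdatp   # prints 3
mdatp_share                                     # prints 60
```

On a live host, `ausearch -k mdatp` retrieves the same records directly from the audit logs, and the same counting can be run over `/var/log/audit/audit.log` to compare volume before and after the rules are installed.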

See the list below for the supported kernels. Before updating to a newer kernel version, verify that it is supported.

Microsoft Defender for Endpoint on RHEL/CentOS 6.7 to 6.10 is a kernel-based solution.
