Endpoint detection and response (EDR) capabilities for Microsoft Defender for Endpoint on Linux are now available in public preview.
Linux EDR will help Defender for Endpoint customers better protect Linux servers and networks and quickly take action against threats, Microsoft said.
Microsoft Defender for Endpoint on Linux supports recent versions of the six most common Linux server distributions that Microsoft supports: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu 16 LTS or higher, SLES 12+, Debian 9+ and Oracle Linux 7.2.
To try the new Linux EDR preview, customers need to enable preview features in Microsoft Defender Security Center and run Defender for Endpoint on Linux version 101.12.99 or higher.
Microsoft has published more detailed steps for getting started on its Tech Community blog.
The new endpoint detection and response capabilities build on the preventive antivirus capabilities and reporting tools already available through the Microsoft Defender Security Center.
Specifically, the new Defender for Endpoint EDR capabilities include:
- Rich investigation experience, including machine timeline, process creation, file creation, network connections, login events and advanced hunting.
- Improved CPU utilization during compilation procedures and large software deployments.
- In-context AV detections, providing insight into where a threat came from and how the malicious process or activity was created.
Microsoft said: “With the new Linux EDR capabilities, Defender for Endpoint customers will have the ability to detect advanced attacks that involve Linux servers, utilize rich experiences, and quickly remediate threats.”