There have been posts about our exciting new Linux EDR release elsewhere on the forum, but in case you missed them, here they are!

We have had our Live Discover feature available for Linux servers in our Early Access Program for a couple of months; this will be launching next week. Live Discover allows admins to answer almost any question they can think of by searching across their servers using SQL. You can choose from a selection of pre-created queries that can be fully customized to pull the exact information that you need and help answer IT operations and threat hunting questions.
Check out these videos which walk through using Live Discover and give an overview of the threat hunting and IT operational use cases where it can support you:
Selecting devices for a query
Using Live Discover to support IT Operations use cases
Using Live Discover for Threat Hunting
Using Live Discover for a forensic investigation
The full library of EDRv3 shared videos can be found here.

In this video, Ethan, one of the core Linux developers who has been building the features, takes the product for a test drive and shows off some of the power and simplicity of Live Discover for Linux.
Ethan shows how to use a query that leverages lenses to parse configuration files to check whether the Linux system allows password-based authentication for root users over SSH. To top it off, he then uses the Live Response feature (coming on Linux later this summer) to fix the problem remotely and runs the query again to confirm the problem has been fixed.
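The kind of check described above, written out as an added example; it is not Sophos's query or the one shown in the video. It assumes the query runs against osquery's `augeas` table (columns `node`, `value`, `label`, `path`), reads only the global section of `/etc/ssh/sshd_config`, and applies the OpenSSH 7.0+ defaults when a directive is absent.

```sql
-- Added example (assumption: osquery's augeas table is available to the query engine).
-- The sshd lens exposes each directive as a row: label = keyword, value = argument.
-- Commented-out lines appear under the '#comment' label, so they are not matched here.
WITH sshd AS (
  SELECT lower(label) AS directive,   -- sshd keywords are case-insensitive
         lower(value) AS setting
  FROM augeas
  WHERE path = '/etc/ssh/sshd_config'
    AND lower(label) IN ('permitrootlogin', 'passwordauthentication')
    -- Global section only: directives inside Match blocks apply conditionally
    -- and need separate review.
    AND node NOT LIKE '%/Match%'
),
effective AS (
  SELECT
    -- Fall back to the OpenSSH defaults when the directive is not set
    -- (assumption: OpenSSH 7.0 or later, where the default is prohibit-password).
    COALESCE((SELECT setting FROM sshd
              WHERE directive = 'permitrootlogin' LIMIT 1),
             'prohibit-password') AS permit_root_login,
    COALESCE((SELECT setting FROM sshd
              WHERE directive = 'passwordauthentication' LIMIT 1),
             'yes') AS password_authentication
)
SELECT
  permit_root_login,
  password_authentication,
  CASE
    -- Root can log in with a password only if root login is fully enabled
    -- and password authentication has not been switched off.
    WHEN permit_root_login = 'yes' AND password_authentication <> 'no'
      THEN 'root password login allowed'
    ELSE 'root password login not allowed'
  END AS finding
FROM effective;
```

Files pulled in through an `Include` directive (for example drop-ins under `sshd_config.d`) are not read by this query, so a host that relies on them should be checked against those paths as well.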