Microsoft Defender ATP coming to Linux
Last week, we reported that Microsoft plans to add Linux support for Chromium-based Edge. This week, Microsoft announced that it will be bringing another of its services to Linux: Microsoft Defender Advanced Threat Protection, which the company describes as follows:
"Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats."
Windows Defender ATP will be available for RHEL 7+, CentOS Linux 7+, Ubuntu 16 LTS or higher LTS, SLES 12+, Debian 9+, and Oracle EL 7. The service will be deployed and configured with Puppet, Ansible, or an enterprise's existing Linux configuration management tool. Microsoft's announcement did not include a release date, but it did state that a public preview will be available "in the next few days."
The initial release will include preventative capabilities for Linux servers, as well as the Microsoft Defender Security Center. The preventative capabilities entail a full command line experience for configuration and management of the agent, initiation of scans, and management of threats. The Security Center will present the following basic device and alert information:
Antivirus alert information:
- Severity
- Scan type
- Device information (see below for details)
- File information (name, path, size, and hash)
- Threat information (name, type, and state)
Device information:
- Machine identifier
- Tenant identifier
- App version
- Hostname
- OS type
- OS version
- Computer model
- Processor architecture
- Whether the device is a virtual machine
The post Microsoft Defender ATP coming to Linux appeared first on The Tech Report.