
Sysmon for Linux


Corrine


securitybreach

He might have to change the name considering there is already an application for Linux called Sysmon, and it's graphical:

 

Sysmon is a free, open source, GUI-based Linux system activity monitoring application. You can use it to monitor system processes, CPU, memory, network, disk (HDD and SSD), and GPU details. The UI looks like Windows Task Manager. You can check the clock speed of each CPU core. It is released under the GNU General Public License v3.0. Sysmon is still in its infancy, but looks promising.

 

https://codepre.com/sysmon-linux-system-activity-monitor-install-sysmon-on-ubuntu.html


Heh! I think MS has been using that name a lot longer than Linux...

 

 

Is this the start of a trend? Penguins stealing stuff from Microsoft 😱 Was Gates right saying that the penguin was the devil incarnate? 🥵 It may only be a name, but it could be the thin end of the wedge. 🤣


securitybreach
2 minutes ago, abarbarian said:

Is this the start of a trend? Penguins stealing stuff from Microsoft 😱 Was Gates right saying that the penguin was the devil incarnate? 🥵 It may only be a name, but it could be the thin end of the wedge. 🤣

 

Well, you could say the same thing about Microsoft. With Windows Subsystem for Linux (WSL), Microsoft offers bash, Ubuntu, Mint, etc. PowerShell lets you use Linux commands and shortcuts, etc. etc.


On 7/24/2021 at 5:57 PM, securitybreach said:

Well, you could say the same thing about Microsoft.

 

Not really. MS are trying to emulate some of the best computer software on the planet. :devil:


  • 1 year later...

Bumping this old topic to add information about Sysmon for Linux in Elastic. According to the thread on Twitter, "Sysmon For Linux in Elastic is very, very good once you have the fields parsed." For the parsed fields see Sysmon for Linux Pipeline for Elastic Agent.

 

Details:
1. Create a new ingest pipeline and import the JSON as listed. Call it "Sysmon for Linux" or whatever.
2. Add a new "Pipeline" processor to the existing syslog pipeline, and give it the name of the new pipeline.
3. Enjoy your parsed Sysmon events!
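As a worked example of step 2, added here and not taken from the thread or from the linked pipeline: this is the request body you would PUT to the existing syslog pipeline's id under _ingest/pipeline in Elasticsearch, with a "pipeline" processor that hands matching events to the imported Sysmon pipeline. The pipeline id "sysmon-for-linux", the use of process.name as the syslog program field, and the value "sysmon" are assumptions about how your syslog integration names things; the Sysmon pipeline's own processors come from the linked resource and are not shown.

```json
{
  "description": "Syslog ingest pipeline; delegates Sysmon for Linux events to the imported pipeline (pipeline id 'sysmon-for-linux' is an assumed name)",
  "processors": [
    {
      "pipeline": {
        "name": "sysmon-for-linux",
        "if": "ctx.process?.name == 'sysmon'",
        "description": "Only run the Sysmon parser on syslog lines whose program name is sysmon (field and value assumed); other syslog events keep their existing parsing",
        "tag": "sysmon-for-linux-delegate"
      }
    }
  ]
}
```

The "if" condition is what keeps ordinary syslog traffic out of the Sysmon parser; without it, every event through the syslog pipeline would hit the Sysmon processors, and a failure in that pipeline would fail the whole document. After applying it, confirm on a real Sysmon event that the expected parsed fields appear, and on a non-Sysmon line that nothing changed.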

