Microsoft’s Endpoint Detection and Response (EDR) capability is now making its way to Microsoft Defender ATP on Linux. The feature was previously part of Windows Defender and is now becoming available on open source distros. With EDR, Microsoft Defender detects high-grade server-level attacks and can quickly offer remedies to contain them. Some of the core features of the tool include:
“Rich investigation experience, which includes machine timeline, process creation, file creation, network connections, login events, and advanced hunting. Optimized performance-enhanced CPU utilization in compilation procedures and large software deployments. In-context AV detection. Just like with the Windows edition, you’ll get insight into where a threat came from and how the malicious process or activity was created.”
Availability
EDR in Microsoft Defender ATP for Linux is available to users running Linux servers on CentOS Linux 7.2 or later, RHEL 7.2 or later, Ubuntu 16.04 or later, SLES 12 or later, Debian, or Oracle Linux 7.2. It is worth noting that there is a fundamental difference between Microsoft Defender on Windows and on Linux: on Linux the tool is not a standalone client the way it is on Windows 10. This means that if you have a Linux laptop, you cannot use Microsoft Defender as your security suite. So far the service is limited to Linux servers. This may change in the future, but for now Defender on Linux focuses on preventing server- and network-level threats.