Automating Forensic Analysis for Linux Endpoints

TL;DR: We have just launched a new version of our popular endpoint scanner for Linux machines, so the Autonomous SOC platform can now provide even more evidence and comprehensive analysis instantly.

Our automated endpoint scanner for memory forensics is a valuable tool in Intezer, and now it’s available for investigating and triaging Linux endpoints. This new capability for Linux endpoint forensics is a significant addition to our automated endpoint scanner, especially for teams investigating potential fileless threats on Windows systems.

This new investigation tool for Linux endpoints expands the capabilities of the Autonomous SOC platform, catering to the diverse operating systems used in today’s tech world.

Why Linux Forensics Matters

Linux systems play a crucial role in enterprise environments and are increasingly prevalent. Intezer’s latest update introduces a suite of powerful tools tailored for investigating Linux environments, further enhancing our commitment to providing a robust, automated Tier 1 SOC experience.

Key Features of the Linux Endpoint Scanner

  1. Live Process Memory Scanning: Detects active threats that are hard to uncover.
  2. Injected Modules Detection: Identifies malicious modules injected into legitimate processes.
  3. Collection of Deleted Executables: Recovers and analyzes deleted executables running in memory.
  4. Proxy and Container Support: Offers flexibility in varied network environments and initial containerized application support.

We take pride in the meticulous development of these features. The new scanner, built in Rust, is fast, efficient, safe, and stable for production environments. Unlike continuous monitoring solutions, this tool is designed for targeted scans and investigations, ensuring minimal impact on system performance.
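To make the third feature concrete, here is a small added example (written for this page, not Intezer's scanner, which the post says is built in Rust) showing how a Linux process that is still running after its executable was unlinked can be spotted and its image recovered from `/proc`. The `maps` text, the inode numbers and the paths in `SAMPLE_MAPS` are constructed for the demonstration; `parse_deleted_mappings` is a pure parser over that text, `scan_proc` applies it to the live system, and `recover_exe` reads the still-mapped image through `/proc/<pid>/exe`, which the kernel keeps readable as long as the process lives. A `(deleted)` backing file is an investigation lead rather than a verdict: a library replaced by a package upgrade while a daemon kept running shows the same marker, which is why the output is meant for triage.

```python
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DELETED_SUFFIX = " (deleted)"

# Constructed sample of /proc/<pid>/maps content (not a real capture):
# two mappings of a normal binary, one anonymous region, one memfd-backed
# executable region, two regions of an unlinked file, and the stack.
SAMPLE_MAPS = """\
55d4c3a00000-55d4c3a01000 r--p 00000000 fd:01 1234 /usr/bin/sleep
55d4c3a01000-55d4c3a05000 r-xp 00001000 fd:01 1234 /usr/bin/sleep
7f2b1c000000-7f2b1c021000 rw-p 00000000 00:00 0
7f2b1c200000-7f2b1c201000 r-xp 00000000 00:01 98765 /memfd:example (deleted)
7f2b1c400000-7f2b1c410000 r-xp 00000000 fd:01 4321 /tmp/removed-binary (deleted)
7f2b1c500000-7f2b1c501000 rw-p 00000000 fd:01 4321 /tmp/removed-binary (deleted)
7ffd3e000000-7ffd3e021000 rw-p 00000000 00:00 0 [stack]
"""


@dataclass(frozen=True)
class DeletedMapping:
    inode: int
    path: str          # pathname with the " (deleted)" marker stripped
    executable: bool   # at least one region of this file is mapped with 'x'
    memfd: bool        # anonymous in-memory file (memfd_create), never on disk


def parse_deleted_mappings(maps_text: str) -> List[DeletedMapping]:
    """Return one entry per distinct (device, inode) whose backing file is deleted."""
    seen: Dict[Tuple[str, str], DeletedMapping] = {}
    for line in maps_text.splitlines():
        # Format: address perms offset dev inode pathname; pathname may contain spaces.
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping without a pathname
        _addr, perms, _offset, dev, inode, path = parts
        if not path.endswith(DELETED_SUFFIX):
            continue
        clean = path[: -len(DELETED_SUFFIX)]
        key = (dev, inode)  # inode numbers are only unique per device
        executable = "x" in perms
        entry = seen.get(key)
        if entry is None:
            seen[key] = DeletedMapping(int(inode), clean, executable,
                                       clean.startswith("/memfd:"))
        elif executable and not entry.executable:
            seen[key] = DeletedMapping(entry.inode, entry.path, True, entry.memfd)
    return list(seen.values())


def link_target_deleted(target: str) -> bool:
    """True when a readlink() result (e.g. of /proc/<pid>/exe) points at an unlinked file."""
    return target.endswith(DELETED_SUFFIX)


def exe_is_deleted(pid: int) -> bool:
    try:
        return link_target_deleted(os.readlink(f"/proc/{pid}/exe"))
    except OSError:
        return False  # process gone or not permitted


def recover_exe(pid: int) -> Optional[bytes]:
    """Read the process image via /proc/<pid>/exe; works even after the file was unlinked.
    Returns None unless the data carries the ELF magic, so truncated or foreign reads are dropped."""
    try:
        with open(f"/proc/{pid}/exe", "rb") as f:
            data = f.read()
    except OSError:
        return None
    return data if data.startswith(b"\x7fELF") else None


def scan_proc() -> List[Tuple[int, bool, List[DeletedMapping]]]:
    """Walk /proc and report (pid, exe_deleted, deleted_mappings) for processes worth triage."""
    findings = []
    if not os.path.isdir("/proc"):
        return findings
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            with open(f"/proc/{pid}/maps") as f:
                maps = f.read()
        except OSError:
            continue  # raced with exit, or insufficient privilege
        deleted = parse_deleted_mappings(maps)
        exe_gone = exe_is_deleted(pid)
        if deleted or exe_gone:
            findings.append((pid, exe_gone, deleted))
    return findings


if __name__ == "__main__":
    for pid, exe_gone, deleted in scan_proc():
        print(pid, "exe deleted" if exe_gone else "", [m.path for m in deleted])
```

Run as root to see every process; unprivileged runs only see the caller's own processes, so an empty result is not evidence of a clean host.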

The Autonomous SOC Process for Triaging Endpoints

The new Linux endpoint scanner automatically triggers based on the Intezer alert triage process. During an autonomous investigation, if further evidence is needed, Intezer will execute the endpoint scanner through your XDR on Linux or Windows systems.

Users can also initiate an on-demand endpoint scan directly from the Linux machine or remotely.

Our aim is to replicate the expertise of security analysts through advanced technology, delivering a seamless and efficient cybersecurity experience. The Linux endpoint forensics capability is a step forward in this journey, aligning with our mission to offer comprehensive, automated solutions to address critical security challenges.

Get Started with Linux Forensics in Intezer

If you’re already an Intezer customer, refer to our documentation to set up the automated response action in your XDR for scanning Linux endpoints. The Linux endpoint scanner is available for download on the Intezer Endpoint Analysis page with the new “Download for Linux” button.

Not a customer but interested in witnessing the new Linux endpoint scanner in action?

Schedule a demo to explore how Intezer can revolutionize your security operations. For general inquiries, check out our FAQ section.

Itai Tevet

Former leader of a government CERT, now CEO at Intezer, reshaping cybersecurity incident investigation and response.
