Sysmon for Linux Logo

Sysmon for Linux

0
Free
1,947
03 Jul 2025
10 September 2025
SIEM
Sysmon
Linux
Security Monitoring
Visit Website

Sysmon for Linux is a tool that monitors and logs system activity including process lifetime, network connections, file system writes, and more. Sysmon works across reboots and uses advanced filtering to help identify malicious activity as well as how intruders and malware operate on your network. Installation: The packages are available in the official Microsoft Linux repositories and instructions on how to install the packages for the different Linux distributions can be found in the Installation instructions. Build: Please see build instructions here. Autodiscovery of Offsets: On systems that are BTF enabled, Sysmon will use BTF for accurate kernel offsets. Sysmon also supports specifying standalone BTF files (using /BTF switch). There are several ways to generate BTF files and BTFHub has a number of standalone BTF files for different distributions/kernels. If BTF isn't available, Sysmon attempts to automatically discover the offsets of some members of some kernel structs. If this fails, please provide details of the kernel version (and config if possible).

FEATURES

EXPLORE BY TAGS

Sysmon

Linux

Security Monitoring

SIMILAR TOOLS

Blauhaunt Logo
Blauhaunt

A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.

Free
SIEM
LastActivityView Logo
LastActivityView

A tool that collects and displays user activity and system events on a Windows system.

Free
SIEM
Log-Killer Logo
Log-Killer

Tool for deleting logs on Linux/Windows servers.

Free
SIEM
Apache Metron Logo
Apache Metron

Apache Metron is a centralized tool for security monitoring and analysis that integrates various open-source big data technologies.

Free
SIEM
StreamAlert Logo
StreamAlert

Serverless, real-time data analysis framework for incident detection and response.

Free
SIEM
LogSlash Logo
LogSlash

A method for log volume reduction without losing analytical capability.

Free
SIEM
syslog-ng Logo
syslog-ng

A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.

Commercial
SIEM
Graylog Logo
Graylog

Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.

Commercial
SIEM
Elastic Security Logo
Elastic Security

Elastic is a search-powered AI company that enables users to find answers from all data in real-time at scale.

Commercial
SIEM

PINNED

RoboShadow Logo

RoboShadow

A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.

Vulnerability Management
Proton Pass Logo

Proton Pass

Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.

Data Protection
NordVPN Logo

NordVPN

NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.

Network Security
Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
CybersecTools logoCybersecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy