For those unfamiliar with Sysmon (also known as System Monitor): it is a Sysinternals tool that monitors a system for malicious activity and records suspicious behavior in the system logs.
Sysmon's flexibility comes from its support for custom configuration files, which administrators use to select the specific system events (process creation, network connections, file creation, and so on) that may indicate malicious activity and to filter out the ones that are only noise.
Today, Mark Russinovich, CTO of Microsoft Azure and co-founder of the Sysinternals tool suite, announced that Microsoft has released the Linux version of Sysmon as an open source project on GitHub.
Unlike Sysmon for Windows, which ships as a prebuilt binary, Linux users have to compile the program themselves and make sure all the required dependencies are installed, with build instructions provided on the project's GitHub page.
It is important to note that before compiling Sysmon for Linux you must first build and install SysinternalsEBPF, the eBPF library that Sysmon for Linux depends on.
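Once Sysmon for Linux is built and installed as described above, it is loaded with a configuration file of the kind mentioned earlier. The following is an added illustration written for this page, not a configuration shipped by the announcement or by the Sysmon project; the rule choices, tool names and paths are this example's own assumptions about what a Linux administrator might want to watch. It uses the standard Sysmon include/exclude filtering syntax: an `onmatch="include"` block logs only events that match one of its rules, while an `onmatch="exclude"` block logs every event of that type except the matches.

```xml
<!-- Example Sysmon for Linux configuration (illustrative, not the project's own).
     schemaversion 4.81 is the schema the initial Linux release documented. -->
<Sysmon schemaversion="4.81">
  <EventFiltering>

    <!-- Event ID 1 (ProcessCreate): log only processes that match one of these rules.
         condition="image" compares the last path component, so /usr/bin/curl and
         /bin/curl both match "curl". -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image condition="image">curl</Image>
        <Image condition="image">wget</Image>
        <Image condition="image">nc</Image>
        <!-- bash /dev/tcp reverse-shell idiom (assumed indicator, not from the page) -->
        <CommandLine condition="contains">/dev/tcp/</CommandLine>
        <!-- anything spawned by cron is worth a record on most servers -->
        <ParentImage condition="end with">/cron</ParentImage>
      </ProcessCreate>
    </RuleGroup>

    <!-- Event ID 3 (NetworkConnect): log every outbound connection except the
         package manager's, which would otherwise flood the log. -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <Image condition="image">apt</Image>
      </NetworkConnect>
    </RuleGroup>

    <!-- Event ID 11 (FileCreate): log file creation in locations commonly used
         for persistence (assumed list). -->
    <RuleGroup name="" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="begin with">/etc/cron.d/</TargetFilename>
        <TargetFilename condition="begin with">/etc/systemd/system/</TargetFilename>
        <TargetFilename condition="contains">/.ssh/authorized_keys</TargetFilename>
      </FileCreate>
    </RuleGroup>

  </EventFiltering>
</Sysmon>
```

Save this as, for example, `config.xml` and install it with `sudo sysmon -accepteula -i config.xml`; after editing the file, `sudo sysmon -c config.xml` reloads it without reinstalling. Events are written to syslog as XML, so the first check after installing is simply to run `curl` once and confirm an EventID 1 record for it appears in the syslog output; an event type that has no rule block at all in the file is not collected, so every category you care about needs an explicit include or exclude block.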