Automating Forensic Analysis for Linux Endpoints

Itai Tevet

TL;DR We just released a new version of our popular endpoint scanner for Linux machines, so the Autonomous SOC platform can immediately get you even more of the evidence and comprehensive analysis you need.

The automated endpoint scanner for memory forensics is a powerful tool in Intezer and now it’s available for investigating and triaging Linux endpoints. We’re excited to announce this new capability for Linux endpoint forensics, which we know is an important addition for all the teams who already rely on our automated endpoint scanner to investigate potential fileless threats on Windows systems.

This new investigation tool for Linux endpoints is an important expansion for the Autonomous SOC platform, since today’s tech world uses diverse operating systems.

Why Linux Forensics Matters

Linux systems are widely used in enterprise environments (and growing!), making them a critical component of comprehensive cyber defense strategies. Now Intezer’s latest update brings a suite of powerful tools designed specifically for investigating Linux environments. This move broadens Intezer’s reach and deepens our commitment to providing a robust, automated Tier 1 SOC experience for our users.

Key Features of the Linux Endpoint Scanner

  1. Live Process Memory Scanning: Detects active threats that are otherwise hard to uncover.
  2. Injected Modules Detection: Identifies malicious modules injected into legitimate processes.
  3. Collection of Deleted Executables: Recovers and analyzes executables that have been deleted but are still running in memory.
  4. Proxy and Container Support: Offers flexibility in varied network environments and initial support for containerized applications.
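
One way a triage script can implement the third feature above, collecting an executable that was deleted from disk but is still running, shown as an added Python example that is not Intezer's scanner code. It relies only on the Linux /proc interface; the PID tree and paths used when testing it are constructed.

```python
# Added triage helper (not Intezer's scanner): find processes whose executable was
# unlinked. /proc/<pid>/exe links to the image; after an unlink the kernel appends
# " (deleted)" to the link target, yet the link still opens the inode for recovery.
import hashlib
import os
from typing import List, NamedTuple, Optional

DELETED_SUFFIX = " (deleted)"

class DeletedExe(NamedTuple):
    pid: int
    original_path: str
    sha256: Optional[str]  # None when the image could not be read

def is_deleted_exe(link_target: str) -> bool:
    """True when a readlink() result marks an unlinked executable."""
    return link_target.endswith(DELETED_SUFFIX)

def recover_image(exe_link: str) -> Optional[str]:
    """Hash the still-mapped image through the /proc link; None if unreadable."""
    try:
        with open(exe_link, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except OSError:
        return None

def find_deleted_executables(proc_root: str = "/proc") -> List[DeletedExe]:
    """Walk numeric PID dirs under proc_root and report deleted exe links.
    Needs root to read other users' processes. A hit is not proof of malice: a
    daemon left running across a package upgrade looks the same, so compare the
    hash with the installed package before escalating.
    """
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip /proc/self, /proc/sys, ...
        exe_link = os.path.join(proc_root, entry, "exe")
        try:
            target = os.readlink(exe_link)
        except OSError:
            continue  # kernel thread (no exe), exited, or permission denied
        if is_deleted_exe(target):
            findings.append(DeletedExe(int(entry), target[: -len(DELETED_SUFFIX)],
                                       recover_image(exe_link)))
    return findings

if __name__ == "__main__":
    for f in find_deleted_executables():
        print(f"pid={f.pid} exe={f.original_path} sha256={f.sha256}")
```

Run as root on the host being triaged; each reported hash can then be submitted for analysis or compared with the package manager's record of the file.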

We’re proud of the dedication and attention to detail that went into developing these features. The new scanner, crafted in Rust, is fast and efficient, as well as safe and stable for production environments. Unlike continuous monitoring solutions for regular detection purposes, this tool is designed for targeted, one-time scans and investigations, ensuring minimal impact on system performance.

The Autonomous SOC Process for Triaging Endpoints

The new Linux endpoint scanner fires automatically as part of the Intezer alert triage process. During an autonomous investigation of an alert, Intezer might determine that it needs further evidence to make a final decision. In those cases, Intezer automatically executes the endpoint scanner through your XDR; it can now do so on Linux as well as Windows systems.

Users can also launch an on-demand endpoint scan, directly from the Linux machine or remotely.

As always, our goal is to mimic the expertise of security analysts through advanced technology, providing a seamless and efficient cybersecurity experience. The Linux endpoint forensics capability is a step forward in this journey, aligning perfectly with our mission to offer more comprehensive, automated solutions that address critical security challenges.

Get Started with Linux Forensics in Intezer

Already an Intezer customer? Check our documentation to learn how to set up the automated response action in your XDR to scan Linux endpoints. The Linux endpoint scanner is also readily available for download on the Intezer Endpoint Analysis page; just look for the new “Download for Linux” button to get started.

Not a customer but interested in seeing the new endpoint scanner for Linux in action?

Book a demo and find out how Intezer could transform your security operations. If you’re looking for more general information, check out our FAQ section here.

Itai Tevet

Co-founder and CEO of Intezer, Itai is on a mission to revolutionize how SOC teams investigate and respond to cybersecurity incidents. He previously led the cyber incident response team for one of the world’s most targeted organizations. Itai combines his expertise in AI and security to advise security leaders at Fortune 500 companies on how to defend against threat actors in the AI era.
