Linux

Version: CentOS/RHEL 7 and later, Ubuntu 18 and later, Amazon Linux 2, Oracle Linux 7 and later.

Linux is a family of open-source Unix-like operating systems based on the Linux kernel. An operating system is the software that manages all the hardware resources of a desktop or laptop computer.

Netsurion Open XDR manages logs retrieved from Linux hosts. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities on Linux.

The following are the key assets included with this Data Source Integration.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | Linux – User or group deleted | Generated when a user or group has been deleted. |
| Security | Linux – Code injection by ld.so preload detected | Generated when code injection through the dynamic linker preload mechanism (ld.so.preload) is detected. |
| Security | Linux – Interactive terminal spawned | Generated when someone spawns an interactive shell from a script. |
| Security | Linux – Potential disabling of SELinux detected | Generated when someone disables the SELinux configuration. |
| Security | Linux – Suspicious process activity detected | Generated when someone executes suspicious network-related commands. |
| Security | Linux – Sensitive files compression detected | Generated when someone compresses critical configuration files such as SSH key files, bash files, and more. |
| Security | Linux – Sudoers configuration file changed or modified | Generated when a sudoers configuration file is modified. |
| Security | Linux – Symlink to critical system configuration files detected | Generated when someone creates a symbolic link to critical configuration files such as passwd, sudoers, and more. |
| Security | Linux – Command history cleared | Generated when the command history has been deleted on the host. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Compliance | Linux – Login and logout activities | Provides details about all login and logout activities and their status. |
| Compliance | Linux – User and group management | Provides details about all user and group management activities such as add user, delete user, change user permission, and more. |
| Operational | Linux – User command execution | Provides details about all command execution activity by a user. |
| Operational | Linux – Root activities | Provides details about the status of all root-level commands and related information such as username, command, and more. |

Dashboards

| Type | Name | Description |
| --- | --- | --- |
| Security | Linux – Login by geo location | Displays the geo location of the login event. |
| Compliance | Linux – Critical root activities | Displays the data about critical root activities. |
| Compliance | Linux – Login activities by source IP | Displays the data about all login-related activities by source IP. |
| Compliance | Linux – User management activities | Displays the data about user-related activities by username. |

Saved Searches

| Type | Name | Description |
| --- | --- | --- |
| Security | Linux – Sudoers configuration file modification | Provides details when someone tries to change the configuration in the sudoers file. |
| Security | Linux – User password modification | Provides details about user password change activities. |
| Compliance | Linux – Login and logout activities | Provides a detailed overview of user login and logout activities. |
| Compliance | Linux – User and group management | Provides a detailed overview of activities performed by any user, such as add user, delete user, group add, group delete, and more. |
| Operational | Linux – Root activities | Provides details about all root activities performed on Linux. |
| Operational | Linux – User command execution | Provides a detailed overview of commands that were executed in a user shell. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Linux.

Download the Integration Guide for configuration instructions and more information.