Can someone recommend software that would work like CarbonBlack / CrowdStrike / Cisco AMP for Endpoints – but deployable on Linux servers?
I’m imagining a scenario where you discover a server behaving in a way you find suspicious – opening connections, port scanning, etc. You want to:
* Identify the process and the binary responsible for it
* Identify the existence of that binary on the other servers
* Identify the vector – how that binary came to the server
Some of this could be done manually – but the amount of data can be staggering. If a server has an exploit that allowed the upload of the binary through a breached webserver, well… you could imagine.
Is there software for handling this, the way it’s handled on desktops, that supports Linux? At least Red Hat and derivatives (CentOS / Oracle Unbreakable / Rocky), and, maybe, Ubuntu?
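For the first two bullets, the manual Linux procedure that an EDR agent automates looks like this (an added example, not code from the post or from any of the products named): parse `/proc/net/tcp`, map a suspicious socket's inode to the owning PID through `/proc/<pid>/fd`, then hash the running image via `/proc/<pid>/exe` so the digest can be searched for on the other servers. The sample `/proc/net/tcp` text and the port allow-list are constructed for the example.

```python
import hashlib, os

# Constructed /proc/net/tcp sample: a loopback listener on 8080 and an ESTABLISHED session
# 10.0.2.15:41924 -> 198.51.100.23:4444 owned by uid 33 (addresses are little-endian hex on x86).
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A3C4 176433C6:115C 01 00000000:00000000 00:00000000 00000000    33        0 67890 1 0000000000000000 20 4 30 10 -1
"""
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

def parse_addr(hexaddr):
    """'0F02000A:A3C4' -> ('10.0.2.15', 41924); the kernel prints the IPv4 word in host byte order."""
    ip_hex, port_hex = hexaddr.split(":")
    return ".".join(str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """One dict per socket row: endpoints, state, owning uid and the socket inode number."""
    rows = []
    for fields in (line.split() for line in text.splitlines()[1:]):
        if len(fields) >= 10:
            rows.append({"local": parse_addr(fields[1]), "remote": parse_addr(fields[2]),
                         "state": TCP_STATES.get(fields[3], fields[3]),
                         "uid": int(fields[7]), "inode": int(fields[9])})
    return rows

def unexpected_established(rows, allowed_ports=frozenset({22, 80, 443})):
    # Triage filter: ESTABLISHED sessions to remote ports outside a (constructed) allow-list.
    return [r for r in rows if r["state"] == "ESTABLISHED" and r["remote"][1] not in allowed_ports]

def socket_inode_to_pid(inode, proc="/proc"):
    """The owning PID is the one whose /proc/<pid>/fd/* symlink reads 'socket:[<inode>]'."""
    target = f"socket:[{inode}]"
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target for fd in os.listdir(fd_dir)):
                return int(pid)
        except OSError:  # process exited or not readable; run as root to cover every process
            continue
    return None

def describe_process(pid, proc="/proc"):
    """exe target (ends in ' (deleted)' if unlinked), cmdline, and SHA-256 of the running image.
    Reading through /proc/<pid>/exe still works after the file was removed from disk."""
    with open(f"{proc}/{pid}/cmdline", "rb") as fh:
        cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
    with open(f"{proc}/{pid}/exe", "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"pid": pid, "exe": os.readlink(f"{proc}/{pid}/exe"), "cmdline": cmdline, "sha256": digest}
```

On a live host, feed `open("/proc/net/tcp").read()` to `parse_proc_net_tcp`, pass each row from `unexpected_established` through `socket_inode_to_pid` and `describe_process`, and grep the resulting SHA-256 across the fleet; `/proc/net/tcp6` has the same column layout with 32-digit addresses.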