03-19-2024 03:59 AM
I am aware that Cortex XDR Agent can monitor traffic leaving WSL in the same way that it does with VMWARE or other virtualisation platforms with the WSL processes being a source of activity onto the windows system which is monitored, but the internal activity of the WSL cannot be monitored.
Is there an active solution for deploying Cortex XDR Agent within WSL in some manner to allow internal monitoring for a comprehensive overview of those systems?
03-22-2024 09:14 AM
Hello @antony.lamsdell
Thanks for reaching out on LiveCommunity.
Unfortunately XDR do not provide detailed visibility inside WSL workloads.
We support WSL with limited set of capabilities including ransomeware protection, Limited analytics detectors on process based actions and basic process activities. Heuristic modules like BTP are not available.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.
03-22-2024 09:14 AM
Hello @antony.lamsdell
Thanks for reaching out on LiveCommunity.
Unfortunately XDR do not provide detailed visibility inside WSL workloads.
We support WSL with limited set of capabilities including ransomeware protection, Limited analytics detectors on process based actions and basic process activities. Heuristic modules like BTP are not available.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
