Recently I came across a situation where I needed to install Sysmon on a Linux virtual machine in an Azure subscription and analyze its logs in a Log Analytics workspace. This post is a quick guide to installing Sysmon and analyzing the logs using Kusto Query Language.

Prerequisites to install Sysmon for Linux

- Ensure the Linux virtual machine is onboarded to a Log Analytics workspace.
- Collect Syslog events with the Azure Monitor Agent.
- Install using this

Installing Sysmon on Linux

For the complete installation process on the various *nix operating systems, follow the Sysmon installation instructions here.

Ubuntu 20.04 & 22.04

Register the Microsoft key and feed:

    wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
    sudo dpkg -i packages-microsoft-prod.deb

Install SysmonForLinux:

    sudo apt-get update
    sudo apt-get install sysmonforlinux

The Kusto query to parse the Sysmon logs on Linux can be found here.

let Eventlogs =
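Sysmon for Linux writes each event to syslog as a single XML document after the "sysmon:" tag, which is the same text that lands in the SyslogMessage column of the Syslog table and that a Kusto query has to unpack. As an added example (not code from the post), the Python below performs that field extraction locally on constructed syslog lines, so you can check what a query should return before writing it; the sample GUID, host name and timestamps are placeholders.

```python
"""Parse Sysmon for Linux events out of syslog lines (added example, not from the post)."""
import re
import xml.etree.ElementTree as ET

# Sysmon for Linux emits one <Event>...</Event> XML document per syslog line after the tag.
SYSMON_TAG = re.compile(r"\bsysmon(?:\[\d+\])?:\s*(<Event>.*</Event>)\s*$")

def parse_sysmon_line(line):
    """Return a flat dict of System + EventData fields, or None if the line is not a Sysmon event."""
    match = SYSMON_TAG.search(line)
    if not match:
        return None
    root = ET.fromstring(match.group(1))
    system = root.find("System")
    event = {
        "EventID": int(system.findtext("EventID")),
        "Computer": system.findtext("Computer"),
        "Channel": system.findtext("Channel"),
    }
    # Each <Data Name="X">value</Data> becomes a key; Sysmon uses "-" for an empty value.
    for data in root.iter("Data"):
        event[data.get("Name")] = data.text if data.text != "-" else None
    return event

def process_creations(lines):
    """Yield (Image, CommandLine, User) for EventID 1 (ProcessCreate) events only."""
    for line in lines:
        ev = parse_sysmon_line(line)
        if ev and ev["EventID"] == 1:
            yield ev.get("Image"), ev.get("CommandLine"), ev.get("User")

# Constructed sample lines; the GUID, host and command are placeholders, not real captures.
SAMPLE_LOG = [
    'Mar 10 12:00:01 vm01 sysmon: <Event><System><Provider Name="Linux-Sysmon" '
    'Guid="{00000000-0000-0000-0000-000000000000}"/><EventID>1</EventID>'
    '<Channel>Linux-Sysmon/Operational</Channel><Computer>vm01</Computer></System>'
    '<EventData><Data Name="RuleName">-</Data><Data Name="ProcessId">4242</Data>'
    '<Data Name="Image">/usr/bin/curl</Data>'
    '<Data Name="CommandLine">curl -s https://example.invalid/</Data>'
    '<Data Name="User">azureuser</Data></EventData></Event>',
    'Mar 10 12:00:02 vm01 CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)',
]

if __name__ == "__main__":
    for image, cmdline, user in process_creations(SAMPLE_LOG):
        print(f"{user}\t{image}\t{cmdline}")
```

Non-Sysmon syslog lines (the CRON line above) are skipped rather than raising, which is the behaviour you want when the same filter is later expressed as a `where ProcessName == "sysmon"` clause in the workspace.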