Operating System Monitoring
Astral provides native support for monitoring Windows and Linux operating systems, enabling the collection and analysis of security-relevant activity at the host level. This capability allows Astral to capture events generated by the operating system itself, providing visibility into user activity, process execution, system changes, and other behaviors that are critical for detecting and investigating security incidents.
On Windows systems, Astral ingests operating system events related to authentication, authorization, account management, process and service activity, and system configuration changes. These events provide insight into potential threats such as unauthorized access, privilege misuse, persistence mechanisms, and suspicious execution behavior.
On Linux systems, Astral monitors operating system logs and events that reflect user actions, system processes, privilege escalation attempts, and changes to critical system components. This visibility supports the detection of anomalous behavior, misuse of administrative privileges, and indicators of compromise within Linux-based environments.
All operating system events collected from Windows and Linux are processed through Astral’s unified ingestion and analysis pipeline. Events are analyzed, normalized, and correlated with data from other sources such as network monitoring, API-based integrations, and external risk signals. By integrating host-level telemetry into the SIEM, Astral enables accurate detection, contextual investigation, and coordinated response through Inopli’s Response and RPA capabilities, ensuring comprehensive coverage across endpoint and infrastructure layers.