The use cases described below are performed on an Ubuntu 22.04 endpoint that has a ThreatLockDown agent installed and enrolled to a ThreatLockDown server.
Monitoring file and directory access Monitoring commands run as root Privilege abuse