Hi,
do you think it is good idea to install sysmon for linux (GitHub - Sysinternals/SysmonForLinux) to netVM to log as much as possible to detect potential intrusion? Or it dont make sense in the context of Qubes architecture? Goal is to detect malware intrusion on any AppVM connected to netVM with sysmon.
Thank you