Update run-analyzer-macos-linux.md

denisebmsft · denisebmsft · commit 895e4acd529f · 2025-01-05T08:47:18.000-08:00
diff --git a/defender-endpoint/run-analyzer-macos-linux.md b/defender-endpoint/run-analyzer-macos-linux.md
@@ -252,67 +252,69 @@ Usage example: `sudo ./MDESupportTool -d`
 > [!NOTE]
 > The log level auto-reset feature only available in 2405 or newer client version.
 
-The files generated when using this mode:
+The files generated when using this mode are summarized in the following table:
+
 | File  | Remarks |
 | ------------- | ------------- |
-| mde_diagnostic.zip  | MDE logs and configs  |
-| health.txt  | The health status of MDE [^1]  |
-| health_details_features.txt  | The health status of additional MDE features [^1]   |
-| permissions.txt  | Permission issues with the folders owned/used by MDE [^1]   |
-| crashes  | Crash dumps generated by MDE |
-| process_information.txt  | Process running in the machine when the tool was run |
-| proc_directory_info.txt  | Mapping of the virtual memory of MDE processes [^1]   |
-| auditd_info.txt  | Auditd health, rules, logs |
-| auditd_log_analysis.txt  | Summary of events processed by auditd  |
-| auditd_logs.zip  | Auditd log files  |
-| ebpf_kernel_config.txt  | Currently loaded Linux Kernel config  |
-| ebpf_enabled_func.txt  | List of all the kernel functions that are currently enabled for tracing |
-| ebpf_syscalls.zip | Information about system call tracing  |
-| ebpf_raw_syscalls.zip  | Tracing events related to raw system calls  |
-| ebpf_maps_info.txt  | eBPF maps' id and size info  |
-| syslog.zip  | The files usder /var/log/syslog  |
-| messages.zip  | The files under /var/log/messages  |
-| conflicting_processes_information.txt  | MDE Conflicting Processes |
-| exclusions.txt  | List of AV exclusions |
-| definitions.txt  | AV defintion info  |
-| mde_directories.txt | List of files in the MDE directories |
-| disk_usage.txt  | Disk usage details |
-| mde_user.txt | MDE User Info |
-|  mde_definitions_mount.txt |  MDE Definitions Mount Point |
-| service_status.txt | MDE Service Status |
-| service_file.txt | MDE Service File |
-| hardware_info.txt | Hardware Information |
-| mount.txt | Mount point information |
-| uname.txt | Kernel info |
-| memory.txt | System memory info |
-| meminfo.txt | Detailed information about the system's memory usage |
-| cpuinfo.txt | CPU Information |
-| lsns_info.txt | Linux namespace information |
-| lsof.txt | MDE Open File Descriptors Information [^1]  |
-| sestatus.txt | MDE Open File Descriptors Information |
-| lsmod.txt | Status of modules in the Linux kernel |
-| dmesg.txt | Messages from the kernel ring buffer |
-| kernel_lockdown.txt | kernel lockdown Info |
-| rtp_statistics.txt | MDE Real Time Protection(RTP) statistics [^1]   |
-| libc_info.txt | libc library information |
-| uptime_info.txt | Time since last restart |
-| last_info.txt | Listing of last logged in users |
-| locale_info.txt | Show current locale |
-| tmp_files_owned_by_mdatp.txt | /tmp files owned by group:mdatp [^1]  |
-| mdatp_config.txt | All the MDE configurations [^1]  |
-| mpenginedb.db, mpenginedb.db-wal, mpenginedb.db-shm | AV definations file [^1]  |
-| iptables_rules.txt | Linux iptables rules |
-| network_info.txt | Network information |
-| sysctl_info.txt | kernel settings info |
-| hostname_diagnostics.txt | Hostname diagnostics information |
-| mde_event_statistics.txt | MDE Event statistics [^1]  |
-| mde_ebpf_statistics.txt | MDE eBPF statistics [^1]  |
-| kernel_logs.zip | Kernel logs |
-| mdc_log.zip | Microsoft Defender for Cloud logs |
-| netext_config.txt |  |
-| threat_list.txt | List of threats detected by MDE [^1]  |
-| top_output.txt | Process running in the machine when the tool was run |
-| top_summary.txt | Memeory and CPU usage analytics of the process running |
+| `mde_diagnostic.zip`  | Defender for Endpoint logs and configs  |
+| `health.txt`  | The health status of Defender for Endpoint [^1]  |
+| `health_details_features.txt`  | The health status of additional MDE features [^1]   |
+| `permissions.txt`  | Permission issues with the folders owned/used by MDE [^1]   |
+| `crashes`  | Crash dumps generated by MDE |
+| `process_information.txt`  | Process running in the machine when the tool was run |
+| `proc_directory_info.txt`  | Mapping of the virtual memory of MDE processes [^1]   |
+| `auditd_info.txt`  | Auditd health, rules, logs |
+| `auditd_log_analysis.txt`  | Summary of events processed by auditd  |
+| `auditd_logs.zip`  | Auditd log files  |
+| `ebpf_kernel_config.txt`  | Currently loaded Linux Kernel config  |
+| `ebpf_enabled_func.txt`  | List of all the kernel functions that are currently enabled for tracing |
+| `ebpf_syscalls.zip` | Information about system call tracing  |
+| `ebpf_raw_syscalls.zip`  | Tracing events related to raw system calls  |
+| `ebpf_maps_info.txt`  | eBPF maps' id and size info  |
+| `syslog.zip`  | The files usder /var/log/syslog  |
+| `messages.zip`  | The files under /var/log/messages  |
+| `conflicting_processes_information.txt`  | MDE Conflicting Processes |
+| `exclusions.txt`  | List of AV exclusions |
+| `definitions.txt`  | AV defintion info  |
+| `mde_directories.txt` | List of files in the MDE directories |
+| `disk_usage.txt`  | Disk usage details |
+| `mde_user.txt` | MDE User Info |
+| `mde_definitions_mount.txt` |  MDE Definitions Mount Point |
+| `service_status.txt` | MDE Service Status |
+| `service_file.txt` | MDE Service File |
+| `hardware_info.txt` | Hardware Information |
+| `mount.txt` | Mount point information |
+| `uname.txt` | Kernel info |
+| `memory.txt` | System memory info |
+| `meminfo.txt` | Detailed information about the system's memory usage |
+| `cpuinfo.txt` | CPU Information |
+| `lsns_info.txt` | Linux namespace information |
+| `lsof.txt` | MDE Open File Descriptors Information [^1]  |
+| `sestatus.txt` | MDE Open File Descriptors Information |
+| `lsmod.txt` | Status of modules in the Linux kernel |
+| `dmesg.txt` | Messages from the kernel ring buffer |
+| `kernel_lockdown.txt` | kernel lockdown Info |
+| `rtp_statistics.txt` | MDE Real Time Protection(RTP) statistics [^1]   |
+| `libc_info.txt` | libc library information |
+| `uptime_info.txt` | Time since last restart |
+| `last_info.txt` | Listing of last logged in users |
+| `locale_info.txt` | Show current locale |
+| `tmp_files_owned_by_mdatp.txt` | /tmp files owned by group:mdatp [^1]  |
+| `mdatp_config.txt` | All the MDE configurations [^1]  |
+| `mpenginedb.db`, `mpenginedb.db-wal`, `mpenginedb.db-shm` | AV definations file [^1]  |
+| `iptables_rules.txt` | Linux iptables rules |
+| `network_info.txt` | Network information |
+| `sysctl_info.txt` | kernel settings info |
+| `hostname_diagnostics.txt` | Hostname diagnostics information |
+| `mde_event_statistics.txt` | MDE Event statistics [^1]  |
+| `mde_ebpf_statistics.txt` | MDE eBPF statistics [^1]  |
+| `kernel_logs.zip` | Kernel logs |
+| `mdc_log.zip` | Microsoft Defender for Cloud logs |
+| `netext_config.txt` |  |
+| `threat_list.txt` | List of threats detected by MDE [^1]  |
+| `top_output.txt `| Process running in the machine when the tool was run |
+| `top_summary.txt` | Memeory and CPU usage analytics of the process running |
+
 [^1]: Only when MDE is installed.
 
 ### Positional arguments
