The Rapid7 Insight Agent collects telemetry data from the Linux operating system and requires AuditD to be present but disabled. Since the Red Canary Linux EDR agent can consume data from AuditD, this leads to challenges for running both simultaneously.
Estimated reading time: 2 minutes
Option 1: Configure the Linux EDR sensor to use eBPF
Because the Rapid7 Insight Agent doesn't collect telemetry using eBPF, you can configure the Linux EDR sensor to use eBPF, and then run both the Linux EDR sensor and Insight Agent simultaneously.
For more information about configuring eBPF as the primary telemetry source, see Use eBPF as the default telemetry source.
Option 2: Use the Insight Agent compatibility mode
Rapid7 provides a guide for enabling Insight Agent compatibility mode with Linux assets requiring AuditD to be enabled. However, this workaround is not supported by Red Canary Linux EDR, and is not a recommended solution owing to concerns around stability and degraded functionality.