The Rapid7 Insight Agent collects Linux telemetry data and requires AuditD to be present but disabled. Because the Red Canary Linux Endpoint Detection and Response (EDR) agent can consume data from AuditD, it is challenging to run both agents simultaneously.
Option 1: Configure the Linux EDR sensor to use eBPF
Because the Rapid7 Insight Agent doesn't collect telemetry using eBPF, you can configure the Linux EDR sensor to use eBPF, and then run both the Linux EDR sensor and Insight Agent simultaneously.
For more information about configuring eBPF as the primary telemetry source, see Use eBPF as the default telemetry source.
Option 2: Use the Insight Agent compatibility mode
Rapid7 provides a guide for enabling Insight Agent compatibility mode on Linux assets that require AuditD to be enabled. However, this workaround is not supported by Red Canary Linux EDR and is not a recommended solution because of concerns about stability and degraded functionality.