Once your Red Canary account is activated, you can begin collecting runtime telemetry from your cloud instances. Runtime telemetry is some of the most valuable data because it gives you complete visibility over your entire Linux system in the cloud: processes, network connections, DNS queries, and user activity, across physical, virtual, and containerized workloads, and across TCP and UDP network traffic (IPv4 and IPv6). This data is collected by various types of endpoint sensors and then sent to Red Canary.
Select a Cloud Instance sensor
Red Canary supports a number of runtime sensors that have passed our stringent quality tests. Red Canary does not support the multitude of products that do not collect an acceptable amount of data for investigation and incident response.
Supported Cloud Instance sensors
- Red Canary Linux EDR
- Carbon Black
- Palo Alto Cortex
- Microsoft Defender for Endpoint
Deploy endpoint sensors
Cloud runtime sensors should be deployed using the instructions from your vendor. All platforms require the installation of a software application on each of your endpoints.
Verify sensor deployment
Following deployment, you’ll need to ensure all instances are monitored by your EDR product and Red Canary.
Red Canary’s Endpoint Discovery tool discovers and lists all compute instances and shows whether or not each one is protected with a sensor.
Your Red Canary dashboard reports the number of instances monitored in the last week as well as the amount of telemetry collected from those endpoints and analyzed by Red Canary.