Red Canary supports several Linux distributions. In terms of distribution version support, the Linux Endpoint Detection and Response (EDR) sensor will work with Linux versions that are still supported by their upstream vendor, including Long Term Support versions. The Linux EDR sensor is not supported on upstream vendor-designated "end-of-life" versions.

Supported Linux distributions

Don’t see your distribution on this list? Contact us!

Supported architectures

• x86_64
• aarch64 (For example, ARM64, AWS Graviton, etc.)

Supported kernel versions

The following kernel versions are required to collect telemetry using Audit:

• 3.2 and above (mainline)

The following kernel versions are required to collect telemetry using eBPF:

• 4.14 and above (mainline)
• In some distributions, including CentOS and RHEL, backports for eBPF support exist on earlier kernels. RHEL supports eBPF in kernels 3.10.0-940 and above.