Red Canary supports the same platforms and operating system (OS) versions as the underlying Endpoint Detection and Response (EDR)/Endpoint Protection Platform (EPP) platforms that we leverage. Please refer to the vendor-specific resources below for the most up-to-date information.

Carbon Black EDR [formerly known as Response]

Organizations most commonly run Carbon Black Response on the following range of platforms:

• Windows XP SP3 to Windows 10 v1909
• Windows Server 2003 to Windows Server 2019
• MacOS 10.7.4 (Lion) to 10.15 (Catalina)
• RHEL 6.4 to 8.3
• CentOS 6.4 to 8.3
• SUSE 12 (SP2-SP5) to 15 (SP1-SP2)
• Ubuntu 18.04 to 20.04

Don't see your OS or need to understand more about the EDR sensor's compatibility? Click here to see the comprehensive list.

Carbon Black Cloud [formerly known as ThreatHunter / Defense]

Organizations most commonly run Carbon Black ThreatHunter on the following range of platforms:

• Windows Vista SP2 to Windows 10 v1909
• Windows Server 2008 R2 to Windows Server 2019
• MacOS 10.10 (Yosemite) to 10.15 (Catalina)
• RHEL 6.6 to 8.3
• CentOS 6.6 to 8.3
• SUSE 12 (SP2-SP5) to 15 (SP1-SP2)
• Ubuntu 18.04 to 20.04

Don't see your OS or need to understand more about the EDR sensor's compatibility? Click here to see the comprehensive list.

Cortex

For more information, see Endpoint Operating Systems Supported with Cortex XDR and Traps.

CrowdStrike Falcon

Organizations most commonly run CrowdStrike Falcon on the following range of platforms:

• Windows 7 SP1 to Windows 10 v1909
• Windows Server 2008 R2 SP1 to Windows Server 2019
• MacOS 10.13 (High Sierra) to 10.15 (Catalina)
• RHEL/CentOS 6.7 to 8
• Ubuntu (14.04LTS, 16.04LTS, 16-AWS, 18.04 LTS, 18-AWS)
• Oracle Linux (6 - UEK3, 4 / 7 - UEK3, 4, 5)
• SUSE Linux Enterprise (11.4, 12.1 - 12.4, 15)
• Amazon Linux 2
• Amazon Linux AMI (2017.03, 2017.09, 2018.03)

Don't see your OS or need to understand more about the EDR sensor's compatibility? Click here to see the comprehensive list.

Elastic Endgame

Organizations most commonly run Endgame on the following range of platforms:

• MacOS Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15)
• Windows 7 SP1
• Windows 8.1
• Windows 10 (v1507, v1511, v1607, v1703, v1709, v1803, v1809, v1903, v1909)
• Windows Server 2008 R2 SP1, 2012 R2, 2016, 2019
• RHEL 6.5 to 8
• CentOS 6.5 x64, 7 to 8
• Ubuntu 16.04, 18.04 (pre Kernel 5)
• Solaris 10 (5.10) x86 SPARC

Don't see your OS or need to understand more about the EDR sensor's compatibility? Visit your Endgame support portal for more details.

Jamf Protect

For more information, see General Requirements.

Linux EDR

Red Canary Linux EDR supports all major Linux distributions at or above kernel version 2.6.32-71. This includes but is not limited to...

• Amazon Linux 1 & 2
• Ubuntu 10.10+ (14.04, 16.04, 18.04, 20.04)
• CentOS 6, 7, 8
• RHEL 6.10+, 7, 8
• Debian 8, 9, 10
• Fedora 31, 32
• SUSE/openSUSE 11
• Oracle Linux 7, 8 (RHEL & UEK kernels)

Microsoft Defender for Endpoint

Organizations most commonly run Microsoft Defender for Endpoint on the following range of platforms:

• Windows 7 SP1 Enterprise
• Windows 7 SP1 Pro
• Windows 8.1 Enterprise
• Windows 8.1 Pro
• Windows 10, version 1607 or later
  • Windows 10 Enterprise
  • Windows 10 Enterprise LTSC
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 10 Pro Education
• Windows server
  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server, version 1803 or later
  • Windows Server 2019
• MacOS 10.13 (High Sierra) to 10.15 (Catalina)
• CentOS / Red Hat Enterprise Linux 7.2 or higher*
• Ubuntu 16.04 LTS or higher LTS*
• Debian 9 or higher*
• SUSE Linux Enterprise Server 12 or higher*
• Oracle Linux 7.2 or higher*

*Linux Notes: Microsoft Defender for Endpoint for Linux is currently in Public Preview. Learn more about specific Linux requirements including minimum kernel versions, compatibility requirements, etc.