Red Canary supports the same platforms and operating system (OS) versions as the underlying EDR/EPP platforms that we leverage. Please refer to the vendor-specific resources below for the most up-to-date information.

Carbon Black EDR [formerly known as Response]

Organizations most commonly run Carbon Black Response on the following ranges of platforms:

• Windows XP SP3 → Windows 10 v1909
• Windows Server 2003 → Windows Server 2019
• MacOS 10.7.4 (Lion) → 10.15 (Catalina)
• RHEL 6.4 → 8.3
• CentOS 6.4 → 8.3
• SUSE 12 (SP2-SP5) -> 15 (SP1-SP2)
• Ubuntu 18.04 -> 20.04

Don't see your OS or need to understand more about the EDR sensor's compatibility? Click here to see the comprehensive list.

Carbon Black Cloud [formerly known as ThreatHunter / Defense]

Organizations most commonly run Carbon Black ThreatHunter on the following ranges of platforms:

• Windows Vista SP2 → Windows 10 v1909
• Windows Server 2008 R2 → Windows Server 2019
• MacOS 10.10 (Yosemite) → 10.15 (Catalina)
• RHEL 6.6 → 8.3
• CentOS 6.6 → 8.3
• SUSE 12 (SP2-SP5) -> 15 (SP1-SP2)
• Ubuntu 18.04 -> 20.04

Don't see your OS or need to understand more about the EDR sensor's compatibility? Click here to see the comprehensive list.

Elastic Endgame

Organizations most commonly run Endgame on the following ranges of platforms:

• MacOS Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15)
• Windows 7 SP1
• Windows 8.1
• Windows 10 (v1507, v1511, v1607, v1703, v1709, v1803, v1809, v1903, v1909)
• Windows Server 2008 R2 SP1, 2012 R2, 2016, 2019
• RHEL 6.5 => 8
• CentOS 6.5 x64, 7 => 8
• Ubuntu 16.04, 18.04 (pre Kernel 5)
• Solaris 10 (5.10) x86 SPARC

Don't see your OS or need to understand more about the EDR sensor's compatibility? Visit your Endgame support portal for more details.

CrowdStrike Falcon

Organizations most commonly run CrowdStrike Falcon on the following ranges of platforms:

• Windows 7 SP1 => Windows 10 v1909
• Windows Server 2008 R2 SP1 => Windows Server 2019
• MacOS 10.13 (High Sierra) => 10.15 (Catalina)
• RHEL/CentOS 6.7 => 8
• Ubuntu (14.04LTS, 16.04LTS, 16-AWS, 18.04 LTS, 18-AWS)
• Oracle Linux (6 - UEK3, 4 / 7 - UEK3, 4, 5)
• SUSE Linux Enterprise (11.4, 12.1 - 12.4, 15)
• Amazon Linux 2
• Amazon Linux AMI (2017.03, 2017.09, 2018.03)

Don't see your OS or need to understand more about the EDR sensor's compatibility? Click here to see the comprehensive list.

Microsoft Defender for Endpoint

Organizations most commonly run Microsoft Defender for Endpoint on the following ranges of platforms:

• Windows 7 SP1 Enterprise
• Windows 7 SP1 Pro
• Windows 8.1 Enterprise
• Windows 8.1 Pro
• Windows 10, version 1607 or later
  • Windows 10 Enterprise
  • Windows 10 Enterprise LTSC
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 10 Pro Education
• Windows server
  • Windows Server 2008 R2 SP1
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server, version 1803 or later
  • Windows Server 2019
• MacOS 10.13 (High Sierra) => 10.15 (Catalina)
• CentOS / Red Hat Enterprise Linux 7.2 or higher*
• Ubuntu 16.04 LTS or higher LTS*
• Debian 9 or higher*
• SUSE Linux Enterprise Server 12 or higher*
• Oracle Linux 7.2 or higher*

*Linux Notes: Microsoft Defender for Endpoint for Linux is currently in Public Preview. Learn more about specific Linux requirements including minimum kernel versions, compatibility requirements, etc.

Linux EDR

Red Canary Linux EDR supports all major Linux distributions at or above kernel version 2.6.32-71. This includes but is not limited to:

• Amazon Linux 1 & 2
• Ubuntu 10.10+ (14.04, 16.04, 18.04, 20.04)
• CentOS 6, 7, 8
• RHEL 6.10+, 7, 8
• Debian 8, 9, 10
• Fedora 31, 32
• SUSE/openSUSE 11
• Oracle Linux 7, 8 (RHEL & UEK kernels)

Jamf Protect

See Jamf documentation at https://docs.jamf.com/jamf-protect/documentation/General_Requirements.html.