The Linux EDR sensor is composed of the core daemon (cfsvcd) and plugins. The daemon is responsible for core capabilities, whereas plugins provide specific, targeted capabilities.
Plugins are obtained dynamically from Red Canary’s Cloud once the sensor has been installed and the daemon is running successfully. The daemon utilizes the plugins as needed.
Estimated procedure time: 5 minutes
Red Canary supports plugins v1.2.0 and higher. The available plugins are:
- Process Memory Integrity (PMI)
- Behavioral Rootkit Detection
- Response Actions
Disable plugins globally
- To disable global plugins that apply to all endpoints, click Integrations from the navigation menu, and then click Red Canary Cloud Workload Protection.
- Scroll down to Enabled Plugins, and disable the desired plugins.
- To override Global Plugin Settings, or to enable/disable a plugin for an individual endpoint, click on Endpoints from the navigation menu, and then click on a specific endpoint’s page.
- Navigate to the plugins section. Select the option needed for the plugin.