When reviewing Endpoints in Red Canary, the Last Activity column shows a value of "Unknown". What does this value mean?
A value of Unknown in the Last Activity column may indicate that telemetry has never been received by Red Canary or the last time telemetry was received for an endpoint that is reporting that value was prior to June 2021 (two months prior to the activation of the feature).
If an endpoint has recently checked-in but telemetry has not been ingested by Red Canary, please check to see if there are any issues that may be preventing the endpoint from collecting telemetry (i.e. third-party AV preventing sensor from functioning, incompatible sensor version, driver failure, etc).
Sometimes the endpoint that the sensor is installed on may require a reboot or for the agent/sensor service to be restarted in order to correct a sensor health issue.
If on a Mac, system extension (kernel access) and full disk access (ability to see all behavior on endpoint and write that to disk) likely need to be enabled under System Preferences > Security and Privacy.
If there are no sensor incompatibility issues or a reboot does not correct the issue, please submit a support request via Red Canary Help Center for further assistance.
Additional Helpful Links: