Skip to main content

Endpoint Detection and Response (EDR) and supported Linux kernels

The EDR Sensor (Incidents Sensor) is supported by the kernel versions and Linux distributions listed in the Endpoint protection – Supported operating systems – Linux article, in the following three subsections:

Fully Supported Linux Modern Distributions
Fully Supported Linux Modern Distributions for ARM architecture
Supported Linux Legacy Distributions
Important
On the supported legacy Linux operating systems, EDR uses only auditd. kprobes is used on modern operating systems.

Note

This supported distributions list is being updated regularly.

In this section:

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.