Installing the QRadar EDR Agent on Linux endpoints
Install the QRadar® EDR Agent on your Linux® endpoints to monitor the endpoints, collect events, analyze behavior, and enforce policies.
- Amazon Linux 2
- CentOS 6, 7, 8
- CentOS Stream 8, 9
- Debian 8, 9, 10, 11, 12
- OpenSUSE Leap 15
- Oracle Linux 7, 8, 9
- Red Hat® Enterprise Linux 6, 7, 8, 9
- Rocky Linux 8, 9
- SUSE Linux Enterprise Server 12, 15
- Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS
- The QRadar EDR Agent is not supported on CentOS 6, CentOS 7, Debian 8, Debian 9, Debian 10, Red Hat Enterprise Linux 6, or Red Hat Enterprise Linux 7 when they are using UEFI Secure Boot.
- CentOS 6 and Red Hat Enterprise Linux 6 require Linux agent 0.70.0 or later.
In an MSSP deployment, you must specify a GID when you install the QRadar EDR Agent, otherwise the endpoint registration fails.