When it comes to Linux, we recognize that it is often our customers’ production systems that we are aiming to protect. With that in mind, we’ve been very careful in how we develop our Linux EDR agent and the type of capabilities it supports. We previously chose not to include automated remediation as a feature of our agent to ensure our customers maintained full control of their Linux production environments and could trust that our agent would not negatively impact or degrade the service of their critical infrastructure. However, our customers have made it clear that they want automated responses as a feature option because they value and trust our ability to correctly identify and respond to threats safely.
Red Canary is proud to introduce a new plugin option for Linux EDR customers to support automated response actions. Sticking with our ethos, this plugin is disabled by default, so customers will need to opt in by specifically enabling the plugin in their portal. Once enabled, customers will be able to configure playbooks with automated response actions or take manual actions when reviewing threats on the timeline. We are starting with support for file deletion and file retrieval and will be adding additional responses in the near future. This feature is available now to all Linux EDR customers.
If you’d like to learn more about how to enable the response actions plugin in your portal, please see our help center article. If you just have questions about Linux EDR and its response capabilities, please reach out to your Customer Success Manager. In the meantime, take a look at the file deletion response in action: