EDR Linux Sensor: Does the sensor utilize auditd on Linux?
Article ID: 288235
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Does the EDR (formerly CB Response) sensor utilize auditd on Linux?
Environment
EDR Linux Sensor: All versions
EDR Linux Server: All versions
Linux: All versions
Resolution
No. The Linux sensor gathers event/binary data through Linux Security Modules hooks and through our kernel module. It does not rely on auditd or any other third-party process.