Linux Onboarding Recommendations

We have compiled the following recommendations to onboard the EDR along with Malware Protection on Linux systems:

  • Ensure the onboarding activities are carried out with the support of your TAM. This helps to escalate and take preventive measures in case of any issues.
  • Perform a pilot tryout on a small set of assets. Select assets with varying software and hardware configurations for the pilot tryout.
  • On the assets selected for the pilot tryout, ensure the Linux agent version is 6.1.0. Refer to the Cloud Agent for Linux Installation Guide for step-by-step installation instructions.
  • Ensure the EDR application is enabled in the Configuration Profiles from the Cloud Agent.
  • Keep a considerable gap between onboarding two asset batches. This keeps bandwidth and CPU utilization under control on endpoints.
  • If you face issues during the pilot tryout, we recommend that you tune the configurations:
    • Increase CPU and memory utilization.
    • Improve network bandwidth.
    • If you see a high volume of events on the Qualys Cloud Platform, contact the Qualys Support team to tune the policy.
  • Monitor the following:
    • CPU utilization
    • Memory utilization
    • High I/O
    • Network bandwidth
    • Number of EDR events captured
    • Endpoint performance alongside other antivirus software, Qualys products, and other software (coexistence, slowness, and system crashes must be monitored closely)

If you are a new Qualys customer, ensure the agents do not self-patch (auto-update), so that the Linux Agent on these assets is not upgraded automatically. To restrict agents from auto-updating, select the Prevent auto-updating of the agent binaries setting in the Configuration Profiles from the Cloud Agent application. You can enable this setting after a successful pilot tryout.