Linux Onboarding Recommendations

We have compiled the following recommendations to onboard the EDR along with Malware Protection on Linux systems:

• Ensure the onboarding activities are carried out with the support of your TAM. This helps to escalate and take preventive measures in case of any issues.
• Perform a pilot tryout on a small set of assets. Select assets with varying software and hardware configurations for the pilot tryout.
• On the assets selected for the pilot tryout, ensure the Linux agent version is 6.1.0. Refer to the Cloud Agent for Linux Installation Guide for step-by-step installation instructions.
• Ensure the EDR application is enabled in the Configuration Profiles from the Cloud Agent.
• Keep a considerable gap between onboarding two asset batches. This ensures that the bandwidth and CPU utilization is under control on endpoints.
• If you face issues during the pilot tryout, we recommend that you tune the configurations:
  • Increase CPU and memory utilization.
  • Improve network bandwidth.
  • If you see a high volume of events on the Qualys Cloud Platform, contact the Qualys Support team to tune the policy.
• Monitor the following:
  • CPU utilization
  • Memory utilization
  • High I/O
  • Network bandwidth
  • Number of EDR events captured
  • Endpoint performance with other antivirus software, Qualys products, and other software (such as coexistence, slowness, and system crashes must be monitored closely)

If you are a new Qualys customer, ensure the agents do not self-patch (auto-update) to avoid automatically upgrading your Linux Agent on these assets. Select the Prevent auto-updating of the agent binaries setting in the Configuration Profiles from the Cloud Agent application to restrict agents from auto-updating. You can enable this setting after a successful pilot tryout.