Browse your product documentation including release notes and installers
Below is a list of all current and previous Linux Carbon Black Cloud sensors. Please see the Carbon Black Cloud Sensor Support Policy and the Carbon Black Product Release Life Cycle Status pages for more information on sensors currently in Standard or Extended support.
To view all Carbon Black Cloud sensor versions, see Carbon Black Cloud sensor support.
All Linux sensors run on an x64 architecture.
Audit and Remediation & Workloads Supported Distributions
Note: All kernel versions are supported on Audit and Remediation
Audit and Remediation
Note: We dropped support for RHEL/CentOS/Oracle 6.5 and below in 2.9.1. We recommend those on these operating system versions update to a more recent version of RHEL/CentOS/Oracle.
Enterprise EDR Supported Distributions and Kernel Versions
Note: Kernel version 4.4+ is required for RHEL8+, CentOS8+, Oracle 8+, Oracle UEK, Amazon, SUSE, and Ubuntu
*** UEK kernel is only support in 2.10.1+
Endpoint Standard Distributions and Kernel Versions
*** UEK kernel is only support in 2.11.0+
For Amazon Linux 2 and Ubuntu* distributions, any reason that CB Defense listed as '2.2.0' and not '2.2.0 - 2.4.0' ?
@haro Thanks for pointing this out. It has been updated.
By 'CB Defense (Live Response only)' do you mean that we won't be able to apply prevention policies, for example to terminate known malware, and we wont see events for Linux machines under Investigate page?
That's correct @gszajwaj - the Linux Sensors currently do not enforce an policy actions, and you will not see any events, as we are not tracking them. It is purely so actions can be taken via Live Response.
Here's a KB Article on this point...CB Defense: Can the Linux Sensor be assigned to a policy?https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-Can-the-Linux-Sensor-be-assigned-to-a...
I hope that helps clarify this for you.
I'm running PSC sensor and my environment has only ThreatHunter, enabled.
I'm still not able to download Linux sensors, just Windows. Any clue on the date it will became available?
Any future support for Oracle Enterprise Linux?
@pipesbi We are actively working on Oracle Linux support. A couple things to mention here:
LiveOps (Audit and Remediation) will support Oracle Linux 6, 7, 8 with both the UEK and RHCK kernel.
For ThreatHunter (Enterprise EDR) and Defense (Endpoint Standard), Oracle Linux 6/7 with the RHCK kernel will be the only distributions/kernels supported upon initial release.
What is the timing for Cb ThreatHunter (Cloud EDR) support for SLES12 and 15? I still see them listed above as only supporting LiveOps (still).
Also, what about support for CbTH and CbD for RHEL/CentOS 8? It's listed under LiveOps and it's been out for 6+ months.
when can we expect active protection( CB Defense & Threat Hunter) for ubuntu servers ?
Are there any updates to the availability of seeing events? This feature was promised by the end of 2019 and we are more than halfway through 2020.
@hhendrickson @cullom @maheshn89
We are actively working on 4.x+ kernel support on RHEL8, SUSE, CentOS8, Oracle8, Amazon Linux and Ubuntu. The first milestone we are looking towards is Enterprise EDR support (formerly CB ThreatHunter) at the end of the year. Endpoint Standard (formerly CB Defense) will follow.
@mlinde - that's good to hear, but what about all my existing SUSE servers running kernel 3.10 that I really want to get consolidated under a single portal and agent (CbTH)? Or are you saying that you will never have CbTH support for SUSE 12 and 15?
In Release Note for 2.8.0 , support for Audit and Remediation is mentioned as "Oracle Linux 6.0-8.2 on both the RHCK kernel and UEK kernel."
However, the above "CB LiveOps Supported Distribution" only has "8.0-8.1" for Orcale Linux 8.
Which is correct for Oracle Linux 8.2 support status?
@hhendrickson we will be adding support for SLES 12 and 15, but only on the 4.x+ kernels. Both SLES 12 and SLES 15 have shipped with kernels 4.x+ for the past couple years. As we move towards using an eBPF-based solution so we can support more distributions, a requirement will be on the newer kernel versions.
@haro Oracle 8.2 is supported on LiveOps, updating this table now.
What're the chances of getting Arch support added? I get that you would have to limit kernel versions and that's semi anti arch, but would still love to see it as a supported distro so I could use things like Manjaro.
is there an ETA for ubuntu 20 sensor kit on cb defense? right now i only see 16/18
Is there a specific estimated time of arrival for CB Defense Linux support Debian/Ubuntu ?
we had patched our linux servers from 7.8 - 7.9 and all sensors went on to bypass mode due to "unsupported OS" is there a timeline on having this addressed in future sensor releases? if so, any ETA?Thanks,
any updates on the Linux 7.9 support?
Looks like they just put it out.
Anyone facing some issues on Ubuntu 16.04 after sensor upgrade to 2.10.1?
@ittommi and @mdeschenes I would advise opening a case if you are still having issues. That will be the fastest path to resolution.
Thanks for the consolidated view for agent support. What is the timeline for Endpoint Standard support on Ubuntu and Amazon Linux?
Following up on da878t's comment, any word on when Endopint Standard support for Ubuntu and Centos 8 will be available?