
Create a Linux Runtime Detection profile

You can create a new Linux Runtime Detection Profile or create a new version of an existing profile.

Create a new profile

A new profile is best when you're new to the Linux Runtime Detection capability or are creating new groups within your environment. For example, you can create a new profile to assign to a group of production servers where you want to tune the rules for your production environment. A new profile starts at version 1. You can assign it to a Runtime Detection policy or export it for use in Sophos Linux Sensor.

To create a new Linux Runtime Detection Profile, do as follows:

  1. Go to Cloud Native Security > Profiles.
  2. Click Create Profile.
  3. Enter a Profile Name.
  4. Select the Content Version you want to use for your Profile. The most recent content version is selected by default.
  5. Optional: Enter a short Change Description to help you identify the profile version later.
  6. Select the rules you want by turning Enabled on or off for the individual rules on the Detection Analytics and Smart Policy tabs. See Advanced Linux Runtime Detection Profile configuration.
  7. Click Save.

Create a new version

Creating a new version of an existing profile provides a way to test and update profiles while keeping a history of the previous configurations. It lets you tune a pre-existing profile without creating an entirely new one, for example when your environment changes or when SophosLabs releases a new content version.

To create a new version of an existing Linux Runtime Detection Profile, do as follows:

  1. Go to Cloud Native Security > Profiles.
  2. Click the name of the profile you want to update.
  3. Click Create New Version.

    Tip

    You can also click the Actions button on the profile you want to update and click Create New Version.

  4. Select the Content Version you want to use for your Profile. The most recent content version is selected by default.

  5. Optional: Enter a short Change Description to help you identify the profile version later.
  6. Select the rules you want by turning Enabled on or off for the individual rules on the Detection Analytics and Smart Policy tabs. See Advanced Linux Runtime Detection Profile configuration.
  7. Click Save.