
Linux Runtime Detection Profiles

Linux Runtime Detection Profiles let you customize SophosLabs default content, including turning individual rules on and off and updating allow and block lists. You can use Linux Runtime Detection Profiles across multiple policies for the Sophos Protection for Linux Agent. You can also export a profile configuration as a .yaml file to include in your Sophos Linux Sensor configuration.

Profiles

Click Create Profile to create a new profile. See Create a Linux Runtime Detection profile.

You can see the following information about your Linux Runtime Detection Profiles:

  • Profile Name: The name you've given a profile. Click Profile Name to sort all profiles by name. Click the name of a profile to see its version history, content version, and settings.
  • Last Updated: When the most recent profile version was created. Click Last Updated to sort all profiles, oldest or newest first.
  • Active: Shows how many Linux Runtime Detection Policies use this profile. See Server Linux Runtime Detection Policy. Click Expand to see all the policies where this profile is active. Click the name of the policy to see and edit its settings.

Actions

Click the Actions button for a selected profile to choose from the following actions:

  • Export Latest Version: Downloads the latest version of the selected profile as a .yaml file that you can use in the runtimedetections.yaml configuration file for Sophos Linux Sensor.

    Note

    The exported .yaml file is not a complete runtimedetections.yaml configuration file. It only includes the modifications you've made to the SophosLabs default content. You must add these modifications to your existing configuration file. See Creating custom detection policies.

  • Create New Version: Edit the profile settings and create a new version.

  • Rename: Rename the profile.
  • Delete: Delete the profile.

    Note

    You can't delete a profile that is active in a Linux Runtime Detection Policy. You must remove a profile from all Linux Runtime Detection Policies before you can delete it.