Linux Runtime Detection Profiles
Linux Runtime Detection Profiles let you configure SophosLabs default content to include turning individual rules on and off and updating allow and block lists. You can use Linux Runtime Detection Profiles across multiple policies for the Sophos Protection for Linux Agent. You can also export a profile configuration as a
.yaml file to include in your Sophos Linux Sensor configuration.
Click Create Profile to create a new profile. See Create a Linux Runtime Detection profile.
You can see the following information about your Linux Runtime Detection Profiles:
- Profile Name: The name you've given a profile. Click Profile Name to sort all profiles by name. Click the name of a profile to see its version history, content version, and settings.
- Last Updated: When the most recent profile version was created. Click Last Updated to sort all profiles, oldest or newest first.
- Active: Shows how many Linux Runtime Detection Policies use this profile. See Server Linux Runtime Detection Policy. Click Expand to see all the policies where this profile is active. Click the name of the policy to see and edit its settings.
Click the Actions button for a selected profile to choose from the following actions:
Export Latest Version: Downloads the latest version of the selected profile as a
.yamlfile that you can use in the
runtimedetections.yamlconfiguration file for Sophos Linux Sensor.
The yaml file that is exported is not a complete
runtimedetections.yamlconfiguration file. It only includes the modifications you've made to the SophosLabs default content. You must add these modifications to your existing configuration file. See Creating custom detection policies.
Create New Version: Edit the profile settings and create a new version.
- Rename: Rename the profile.
Delete: Delete the profile.
You can't delete a profile active in a Linux Runtime Detections Policy. You must remove a profile from all Linux Runtime Detection Policies before you can delete it.