IBM Security QRadar


An innovative new Linux agent and password protected uninstallation for Windows agents as part of the latest 3.10 release of IBM Security QRadar EDR

By PATEL MILAN posted Mon October 31, 2022 11:57 AM


IBM Security QRadar EDR announces an innovative new Linux agent and a password protected uninstallation security upgrade for Windows agents as part of the latest 3.10 release

  • New Linux agent, for deeper introspection of Linux endpoints, Version 0.60
  • Password protected uninstallation upgrade for Windows agent 

IBM Security QRadar EDR, formerly known as ReaQta, is pleased to announce the introduction of its innovative new Linux agent with enhanced instrumentation, as part of the latest 3.10 release, as well as an important security upgrade for Windows agents. With this release, QRadar EDR again shows its commitment to building a best-in-class Endpoint Detection and Response (EDR) platform by adopting the latest technologies for better detection and response and continuously looking at ways to make QRadar EDR more secure and robust. 


New Linux agent 

With the introduction of a new innovative Linux agent, our customers using Linux-based operating systems will greatly benefit from the latest agent that leverages eBPF technology. The new Linux agent marks an important step forward as eBPF is becoming the standard technology in Linux monitoring and will enable QRadar EDR to provide customers with many improvements for years to come.  

The new Linux agent incorporates SysFlow, which enhances QRadar EDR with a lightweight runtime observability layer to enable deep introspection of Linux endpoints. SysFlow also enables the QRadar EDR Linux agent to expose a set of configurable collection modes that give the endpoint security agent the flexibility to customize the types of collected system events related to how processes interact with their environment, including the network, filesystem, and other processes.

The Linux agent incident detection and response user experience has been improved with enhancements to process command line information and process correlation. Furthermore, the known endpoint connectivity issues have been resolved. 


Along with the new Linux agent, we are also pleased to announce that with version 0.60, installation coverage has been expanded to support a wider set of Linux-based operating systems, including:  

  • CentOS 7, 8
  • Red Hat Linux 7, 8, 9 
  • Ubuntu LTS 18, 20, 22 
  • Debian 8, 9, 10, 11 
  • Amazon Linux 2 


Lastly, thanks to the partnership between IBM Research and QRadar EDR, we were able to capitalize on SysFlow to enable a rapid development cycle and advanced visibility capabilities into Linux endpoints. SysFlow is an open-source system telemetry framework. 


Password protected uninstallation security upgrade for Windows agent 


Password protected uninstallation is a new security feature that hardens the agent against uninstallation attempts by privileged users. When this security upgrade is enabled, uninstallation is only possible when an analyst with QRadar EDR dashboard access provides the right uninstallation token. 




For more information on IBM Security QRadar EDR, please visit our website.