Define Activation Conditions for Linux
Create a condition to define match criteria for Linux policy rules.
To apply policy to Linux servers, you can create a condition to match any of the following characteristics:
- File or folder path
- Linux distribution type
- Linux distribution version or versions
After creating a condition, you can use it to exclude or apply a rule to a Linux endpoint.
Use the following workflow to create a new condition for Linux.
- Select Settings > Conditions > Linux. The Conditions page displays the Name, Description, and Path (if applicable) for each condition.
- Click the action menu and then Add a new condition.
- Enter a Name and Description to identify the condition.
- Select the type of condition: either Path to match on the path of a specific executable file or:
  - Path—Match a specific file or folder that exists on the Linux server (for example /sys/kernel/security/apparmor or /etc/redhat-release).
  - Distribution—Match one or more Linux distributions. Select the Distribution name and an optional distribution Version. The version format must match the format sent by the Traps agent. To identify the expected format for a specific endpoint, view the version on the Monitor > Agent > Health page. If you do not specify a version, the condition applies to all versions. You can select a Version Comparison operator to evaluate the version:
    - Equal—Match an exact version.
    - Greater—Match any version that is equal to or greater than the specified version.
    - Lesser—Match any version that is equal to or lesser than the specified version.
    - Between—Match any version inclusive of and between two values.
    - Regex—Match a version using regular expressions.
- Save the condition. You can use the condition as match criteria to either include or exclude endpoints from receiving a rule. See Include or Exclude Endpoints Using Conditions.
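
A dry run of the Version Comparison operators described above, as an added example that is not Traps or ESM code: it assumes dotted numeric ordering and whole-string regex matching (the page specifies neither), and `vkey`, `version_matches`, `matching_hosts` and `INVENTORY` are hypothetical names over constructed data. It shows which hosts a Distribution condition would select, so an over-broad condition is caught before it includes or excludes endpoints from a rule.

```python
import re

def vkey(version):
    """Assumed ordering: compare dotted numeric components, so 7.10 > 7.9."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def version_matches(op, version, value=None, upper=None):
    """Evaluate one Version Comparison operator as the page describes it."""
    if value is None:            # no version specified: all versions match
        return True
    if op == "Equal":            # exact version string
        return version == value
    if op == "Greater":          # inclusive: equal to or greater
        return vkey(version) >= vkey(value)
    if op == "Lesser":           # inclusive: equal to or lesser
        return vkey(version) <= vkey(value)
    if op == "Between":          # inclusive of both bounds
        return vkey(value) <= vkey(version) <= vkey(upper)
    if op == "Regex":            # assumption: pattern must match the whole string
        return re.fullmatch(value, version) is not None
    raise ValueError(f"unknown operator: {op}")

def matching_hosts(inventory, distribution, op=None, value=None, upper=None):
    """Return the hosts a Distribution condition would select."""
    return [host for host, dist, ver in inventory
            if dist == distribution and version_matches(op, ver, value, upper)]

# Constructed inventory: (host, distribution, version as reported for the endpoint)
INVENTORY = [
    ("web01", "CentOS", "7.9"),
    ("web02", "CentOS", "7.10"),
    ("db01", "CentOS", "6.10"),
    ("app01", "Ubuntu", "16.04"),
    ("app02", "Ubuntu", "18.04"),
]

if __name__ == "__main__":
    for op, args in [("Greater", ("7.9",)), ("Lesser", ("7.9",)),
                     ("Between", ("6.10", "7.9")), ("Regex", (r"7\.\d+",))]:
        print(op, args, "->", matching_hosts(INVENTORY, "CentOS", op, *args))
    # Plain string comparison would order these the wrong way round.
    print("string compare 7.10 < 7.9:", "7.10" < "7.9")
```
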