That's called [Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/defender-endpoint/), which is used even on Linux servers in big corporations. (Largely because it's the easiest way to complete box-ticking exercises with Windows servers: once you have it, it's easy to decide to extend it to non-Windows machines as well.)
The binary self-upgrades and runs in highly privileged mode, so it might not be immune from the kind of failure CrowdStrike had here. Though apparently there's at least a way to use a local mirror so you have some control over the updates: https://learn.microsoft.com/en-us/defender-endpoint/linux-su...