Currently, cloudstrike offers two methods for Linux: a kernel driver / module and a theoretically safer alternative using epbf (you could call that “kernel level scripting”). Ironically, they triggered a kernel bug using that more second option. They did not test all kernels they listed as compatible or something like that.