Advice needed for Elastic Agent Alerting #12907
Unanswered. innovate-support asked this question in Q&A.
Replies: 2 comments 5 replies
Hey there. For clarification: are you wanting to use Elastic Agent as the primary anti-malware for your endpoints? Or are you just looking for alerting off the data that Elastic Agent is generating?
I've recently set up an SO server specifically intended to gather Elastic Agent data from remote employee Windows laptops. It's functionally working, and remote laptops are sending their data to the server just fine. I'm currently testing simulated malicious software on those laptops to see what gets flagged in the SO Alerts section. Thus far nothing has flagged an Alert, even though I've run the KnowBe4 RanSim software on the remote laptop, it was flagged by Windows as malicious, and I can Hunt and find the logs on the SO server to confirm the Elastic Agent is sending its data to the SO server. I also tried adjusting the default 'elastic-defend-integration' Elastic Fleet policies to enable Malware detection. But nothing is being flagged as an Alert in SO. Are the tolerances set too low? Are there some settings I'm missing? It seems very odd that I could possibly run malicious software on an endpoint and SO wouldn't flag it. Please advise.
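The question above does not distinguish two different failure modes: Elastic Defend is not producing any alert documents (a policy or protection-level problem on the endpoint side), or it is producing them and they are simply not being surfaced in the Alerts view (a server-side problem). Telemetry such as process and file events arriving in Hunt proves only the first half of the pipeline. One way to tell the two cases apart is to look at the `event.kind` of the endpoint documents that reach the server: ordinary telemetry carries `event.kind: event`, while Defend detections carry `event.kind: alert` in the `endpoint.alerts` dataset. The following is an added Python example written for this thread; it is not code from Security Onion or Elastic. The sample documents are constructed, and the field layout (`event.kind`, `event.module`, `event.dataset`, `event.provider`, `event.code`) follows the ECS conventions Elastic Defend and the Windows event log integration use, which is an assumption about the deployment. The Windows Defender event ID `1116` (malware detected) is used as the "flagged by Windows" signal.

```python
from collections import defaultdict


def get(doc, path, default=None):
    """Walk a dotted ECS path such as 'event.kind' through nested dicts."""
    cur = doc
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def triage(docs):
    """Count, per agent, endpoint telemetry vs. Defend alerts vs. Defender detections.

    Returns a summary dict plus the list of agents on which Windows Defender
    reported malware but Elastic Defend produced no alert document at all.
    Such agents point at the endpoint policy, not at the alerting view.
    """
    per_agent = defaultdict(lambda: {"events": 0, "alerts": 0, "defender_detections": 0})
    for d in docs:
        bucket = per_agent[get(d, "agent.name", "unknown")]
        module = get(d, "event.module")
        kind = get(d, "event.kind")
        if module == "endpoint" and kind == "alert":
            bucket["alerts"] += 1                 # Elastic Defend detection
        elif module == "endpoint":
            bucket["events"] += 1                 # plain telemetry (process, file, ...)
        elif (get(d, "event.provider") == "Microsoft-Windows-Windows Defender"
              and str(get(d, "event.code")) == "1116"):
            bucket["defender_detections"] += 1    # built-in AV flagged something
    silent = sorted(name for name, b in per_agent.items()
                    if b["defender_detections"] > 0 and b["alerts"] == 0)
    return {"per_agent": dict(per_agent), "defender_saw_malware_but_no_endpoint_alert": silent}


# Constructed sample documents (assumption: ECS field layout as described in the lead-in).
SAMPLE_DOCS = [
    {"agent": {"name": "laptop-01"}, "event": {"kind": "event", "module": "endpoint",
                                               "dataset": "endpoint.events.process"}},
    {"agent": {"name": "laptop-01"}, "event": {"kind": "event", "module": "endpoint",
                                               "dataset": "endpoint.events.file"}},
    {"agent": {"name": "laptop-01"}, "event": {"kind": "event", "module": "windows",
                                               "provider": "Microsoft-Windows-Windows Defender",
                                               "code": "1116"}},
    {"agent": {"name": "laptop-02"}, "event": {"kind": "event", "module": "endpoint",
                                               "dataset": "endpoint.events.process"}},
    {"agent": {"name": "laptop-02"}, "event": {"kind": "alert", "module": "endpoint",
                                               "dataset": "endpoint.alerts", "code": "malware_event"}},
]

if __name__ == "__main__":
    summary = triage(SAMPLE_DOCS)
    for name, counts in sorted(summary["per_agent"].items()):
        print(f"{name}: {counts}")
    print("Defender flagged malware but no Defend alert:",
          summary["defender_saw_malware_but_no_endpoint_alert"])
```

In the constructed sample, `laptop-01` is the situation described in the question: telemetry arrives and Windows itself reported a detection, but no `endpoint.alerts` document exists, so the thing to revisit is the Fleet policy (malware protection mode and its prevent/detect setting) rather than the server's Alerts view. `laptop-02` shows the healthy shape, where an `event.kind: alert` document is present; if such documents exist on the server but still do not appear in Alerts, the gap is on the presentation side instead.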