[Request]Identify AV/EDR compatibility issues on endpoints with genAI (endpoint insights) #6301

Open
caitlinbetz opened this issue Dec 12, 2024 · 0 comments
Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Effort: Medium Issues that take moderate but not substantial time to complete Feature: Elastic Defend Priority: Medium Issues that have relevance, but aren't urgent Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management v9.0.0

caitlinbetz commented Dec 12, 2024

Description

This feature leverages generative AI to detect if any AV/Security programs are running on a host. Once identified, we guide users through adding detected tools as trusted applications. This solution is targeted to ease the workflow for security operations teams and security admins that manage complex environments with multiple security tools, and need to ensure that all agents/endpoints are optimally functioning.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

9.0

Serverless release

Monday January 27

Feature differences

Slated for 9.0 for ESS release
No changes between serverless/ESS

API docs impact

TBD

Prerequisites, privileges, feature flags

ESS:

  • Enterprise tier
  • Privileges: New Insights privilege to run insights scan, Trusted Apps privilege to add TA entry

Serverless:

  • Security Analytics Complete, with Endpoint Complete
  • Privileges: New Insights privilege to run insights scan, Trusted Apps privilege to add TA entry
@caitlinbetz caitlinbetz changed the title [Request] [Request]Identify AV/EDR compatibility issues on endpoints with genAI (endpoint insights) Dec 12, 2024
@natasha-moore-elastic natasha-moore-elastic self-assigned this Dec 17, 2024
@natasha-moore-elastic natasha-moore-elastic added Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release Priority: Medium Issues that have relevance, but aren't urgent Effort: Medium Issues that take moderate but not substantial time to complete Team: EDR Workflows Formerly Defend Workflows, Onboarding and Lifecycle Management labels Dec 17, 2024