Open
Description
Describe the bug:
- Newly Added Defend Integration Policy RAV Settings are Disabled Instead of Syncing with Malware Protection Level
Build Details:
VERSION: 8.16.0
BUILD: 77679
COMMIT: 6b091fe3b410eaae9d4805c0a3c0ea6168bf66b0
Login Credentials
https://p.elstc.co/paste/lDrf5NTS#u-zff3/Cj2T9laJWLsTIOlSzVViJHTB8zIJ8TWKNkV5
Preconditions
- Kibana should be running.
- Policy should be present under fleet tab.
Steps to Reproduce
- Navigate to the policy details tab
- Click on Add Integration
- Select Elastic Defend Integration
- Click on Add Elastic Defend
- Click on Install Elastic Agent
- Install the desired elastic agent (Linux, Mac, Windows) on your Endpoint
- Wait for the Agent to be installed.
- Now click on Add the integration
- Click on confirm incoming data
- Click on view assets
- Click on Integration policies section and scroll down
- Observe that the Newly Added Defend Integration Policy RAV Settings are Disabled Instead of Syncing with Malware Protection Level
Actual result
- Newly Added Defend Integration Policy RAV Settings are Disabled Instead of Syncing with Malware Protection Level
Expected Result
- When a Defend integration is added via the Install Agent process, the newly created policy's RAV settings should automatically sync with the malware protection level, rather than being disabled by default
What's working
- It is working fine when we add a policy after installing the agent
Additional Information
- Also, we observed that all the toggles are off and recommended settings are only for OS event collections
Screen-cast
Sukhwinder.Singh.-.Agent.policies.-.Fleet.-.Elastic.Mozilla.Firefox.2024-08-26.11-43-18.mp4
Logs
- N/A
AC
- Register as AV is set to `sync` as default value. Same as when creating a Defend integration policy.
- Protections are still disabled (no changes on the current behaviour).