Closed
Description
This feature leverages generative AI to detect if any AV/Security programs are running on a host. Once identified, we guide users through adding detected tools as trusted applications. This solution is targeted to ease the workflow for security operations teams and security admins that manage complex environments with multiple security tools, and need to ensure that all agents/endpoints are optimally functioning.
Background & resources
- PRs:
- Issues/metas: https://github.com/elastic/security-team/issues/10777
- Point of contact: @caitlinbetz @dasansol92
- Test environments:
Which documentation set does this change impact?
ESS and serverless
ESS release
9.0
Serverless release
Monday January 27
Feature differences
Slated for 9.0 for ESS release
No changes between serverless/ESS
API docs impact
TBD
Prerequisites, privileges, feature flags
ESS:
- Enterprise tier
- Privileges: New Insights privilege to run insights scan, Trusted Apps privilege to add TA entry
Serverless:
- Security Analytics Complete, with Endpoint Complete
- Privileges: New Insights privilege to run insights scan, Trusted Apps privilege to add TA entry