
Endpoint Insights feature — Serverless #6480


Merged
merged 5 commits into from
Jan 28, 2025

@benironside benironside commented Jan 24, 2025

Fixes #6301 — Adds documentation for the Endpoint Insights feature to serverless.

Preview: Use Endpoint Insights to find incompatible AV products on your hosts

Alternate page title: "Identify antivirus programs on your hosts"

@benironside benironside added the Docset: Serverless Issues for Serverless Security label Jan 24, 2025
@benironside benironside self-assigned this Jan 24, 2025
@benironside benironside requested a review from a team as a code owner January 24, 2025 22:55

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.


mergify bot commented Jan 24, 2025

This pull request does not have a backport label. Could you fix it @benironside? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • v7.x is the label to automatically backport to the 7.x branch.
  • v7./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

szwarckonrad previously approved these changes Jan 27, 2025

@szwarckonrad szwarckonrad left a comment

LGTM!
The only thing I think can be added is that creating a Trusted App requires the Trusted Apps privilege. Without it, links on all the generated insights will be disabled, and the user won’t be able to proceed.

@caitlinbetz

Thanks @benironside this is great!!

A couple things -

  • The Insights feature is expected to evolve over time, with the goal to identify and alert users to various endpoint "issues" that we may observe (either with genAI, or the endpoint itself). No change needed at this point - I just want to make sure you're aware of this (I think the existing page you have would easily fit under an "Endpoint Insights" main page, if that is the plan!)
  • Agree with @szwarckonrad's comment about making note of requiring the trusted application privilege to actually create the TA entry. The link there would be disabled with a tooltip explaining that the privilege is required.
  • At the very end you link to this page, which is awesome. It may even help to call even more attention to this - that as a final step, if they have added a trusted app in Elastic we do recommend trusting/allowlisting Elastic in their other AV/EDR.

Thank you!!

@benironside benironside merged commit eb22ead into main Jan 28, 2025
4 checks passed
natasha-moore-elastic added a commit to elastic/docs-content that referenced this pull request Mar 21, 2025
Resolves #266 by
documenting the new **Endpoint Insights** Elastic Defend sub-feature
privilege.
The related endpoint insights feature, which this privilege enables, was
previously doc'ed in elastic/security-docs#6480.

Preview: [Elastic Defend feature privileges](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/836/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges)
Labels
backport-skip Docset: Serverless Issues for Serverless Security
Development

Successfully merging this pull request may close these issues.

[Request]Identify AV/EDR compatibility issues on endpoints with genAI (endpoint insights)
5 participants