discuss the possibility to run arbitrary custom binary via agent #33049
Labels
Team:Elastic-Agent-Control-Plane
Label for the Agent Control Plane team
Comments
botelastic
bot
added
the
needs_team
|
Would be as well tje case of running community beats https://github.com/christiangalsterer/execbeat But preferably via fleet policy |
endorama
added
the
Team:Elastic-Agent-Control-Plane
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
botelastic
bot
removed
the
needs_team
|
We are already tracking this here: elastic/elastic-agent#1237 We are making some changes to the internals of the agent to make this use case easier to support, this is difficult to implement with the current architecture. Once that is complete we will come back to this use case. |
|
Closing this as a duplicate of elastic/elastic-agent#1237. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At the moment only a few vetted binaries(osquery,beats) are allowed to be run by the agent.
There is a need to run other custom arbitrary binaries or executables.
Eg. Reading a log file after it was decrypted
use case described here:
https://discuss.elastic.co/t/filebeat-harvest-logs-from-encyrpted-file/306025/2
Read the windows USN journal
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-usn
+
Others(Some use the EDR to run arbitrary comands)
I've already requested this with internal reference number is 16281. Please mention this if you want to upvote. Of course some sort of hash, whitelist or security mechanism should be implemented to prevent miscarriage.
The text was updated successfully, but these errors were encountered: