You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've already requested this with internal reference number is 16281. Please mention this if you want to upvote. Of course some sort of hash, whitelist or security mechanism should be implemented to prevent miscarriage.
The text was updated successfully, but these errors were encountered:
We are making some changes to the internals of the agent to make this use case easier to support, this is difficult to implement with the current architecture. Once that is complete we will come back to this use case.
At the moment only a few vetted binaries(osquery,beats) are allowed to be run by the agent.
There is a need to run other custom arbitrary binaries or executables.
Eg. Reading a log file after it was decrypted
use case described here:
https://discuss.elastic.co/t/filebeat-harvest-logs-from-encyrpted-file/306025/2
Read the windows USN journal
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-usn
+
Others(Some use the EDR to run arbitrary comands)
I've already requested this with internal reference number is 16281. Please mention this if you want to upvote. Of course some sort of hash, whitelist or security mechanism should be implemented to prevent miscarriage.
The text was updated successfully, but these errors were encountered: