From db7200f401ab6c231d3536f9e2bed606fd0d609d Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 21 Oct 2025 13:26:31 -0700 Subject: [PATCH 1/3] Adds note about minimum Defend version for Device Control --- .../configure-an-integration-policy-for-elastic-defend.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md index 9bcfd56d11..0195b3aecf 100644 --- a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md +++ b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md @@ -154,7 +154,7 @@ If you have the appropriate license or project feature tier, you can customize t Memory threat protection detects and stops in-memory threats, such as shellcode injection, which are used to evade traditional file-based detection techniques. -:::{admonition} Requirements +::::{admonition} Requirements :class: note * In {{stack}}, memory threat protection is enabled by default if you have a [Platinum or Enterprise license](https://www.elastic.co/pricing). If you upgrade to a Platinum or Enterprise license from Basic or Gold, memory threat protection will be disabled by default. * In {{serverless-short}}, memory threat protection requires the Endpoint Protection Essentials [project feature tier](/deploy-manage/deploy/elastic-cloud/project-settings.md). 
@@ -238,6 +238,7 @@ stack: ga 9.2 serverless: ga ``` + Device control helps protect your organization from data loss, malware, and unauthorized access by managing which devices can connect to your computers. Specifically, it restricts which external USB storage devices can connect to hosts that have {{elastic-defend}} installed. To configure device control for one or more hosts, edit the {{elastic-defend}} policy that affects those hosts. Your policy specifies which operations these devices are allowed to take on a host. You can create [trusted devices](/solutions/security/manage-elastic-defend/trusted-devices.md) to define exceptions to your policy for specific devices. @@ -250,6 +251,10 @@ To configure device control for one or more hosts, edit the {{elastic-defend}} p By default, each {{kib}} instance includes a Device Control dashboard. When at least one of your {{elastic-defend}} policies has device control enabled, the dashboard displays data about attempted device connections and their outcomes. To access it and review information about blocked connections, search for `device control` in the **Dashboards** page's **Custom Dashboards** section. +:::{important} +To collect device control data, {{defend}} must be updated to at least v9.2.0. Until you update it to this version, the device control dashboard will not appear and device control events will not be ingested. Device control blocking will still work. +::: + ## Event collection [event-collection] In the **Settings** section, select which categories of events to collect on each operating system. Most categories are collected by default. From 8b70f4cfa98f162ff0c57ba755b2ae4eafd68008 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 21 Oct 2025 13:34:27 -0700 Subject: [PATCH 2/3] Update configure-an-integration-policy-for-elastic-defend.md --- .../configure-an-integration-policy-for-elastic-defend.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md index 0195b3aecf..4588347265 100644 --- a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md +++ b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md @@ -252,7 +252,7 @@ To configure device control for one or more hosts, edit the {{elastic-defend}} p By default, each {{kib}} instance includes a Device Control dashboard. When at least one of your {{elastic-defend}} policies has device control enabled, the dashboard displays data about attempted device connections and their outcomes. To access it and review information about blocked connections, search for `device control` in the **Dashboards** page's **Custom Dashboards** section. :::{important} -To collect device control data, {{defend}} must be updated to at least v9.2.0. Until you update it to this version, the device control dashboard will not appear and device control events will not be ingested. Device control blocking will still work. +To collect device control data, {{elastic-defend}} must be updated to at least v9.2.0. Until you update it to this version, the device control dashboard will not appear and device control events will not be ingested. Device control blocking will still work. ::: ## Event collection [event-collection] From c2d6ef395a6cb47ebf756a701c2e1b6ed1c8445c Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Tue, 21 Oct 2025 13:39:31 -0700 Subject: [PATCH 3/3] Update solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- .../configure-an-integration-policy-for-elastic-defend.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md index 4588347265..723319914d 100644 --- a/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md +++ b/solutions/security/configure-elastic-defend/configure-an-integration-policy-for-elastic-defend.md @@ -252,7 +252,7 @@ To configure device control for one or more hosts, edit the {{elastic-defend}} p By default, each {{kib}} instance includes a Device Control dashboard. When at least one of your {{elastic-defend}} policies has device control enabled, the dashboard displays data about attempted device connections and their outcomes. To access it and review information about blocked connections, search for `device control` in the **Dashboards** page's **Custom Dashboards** section. :::{important} -To collect device control data, {{elastic-defend}} must be updated to at least v9.2.0. Until you update it to this version, the device control dashboard will not appear and device control events will not be ingested. Device control blocking will still work. +To collect device control data, {{elastic-defend}} must be updated to at least version 9.2.0. Until you update it to this version, the device control dashboard will not appear and device control events will not be ingested. Device control blocking will still work. ::: ## Event collection [event-collection]
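Review bot: In PATCH 1/3, hunk `@@ -154,7 +154,7 @@`, the opening fence becomes `::::{admonition} Requirements` but no closing fence is changed anywhere in the patch (the diffstat shows a single deletion, which is this opener). Unless the block already closed with `::::`, the admonition now opens with four colons and closes with three. Update the closing fence in the same commit, or drop this change, which is also unrelated to the Device Control note named in the subject line.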
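Review bot: In PATCH 1/3, hunk `@@ -250,6 +251,10 @@`, the added `:::{important}` block uses `{{defend}}` while the surrounding context lines use `{{elastic-defend}}`. PATCH 2/3 corrects it, so squash that fix into this commit rather than keeping an intermediate revision with a different substitution. The note says blocking still works while events are not ingested; consider stating outright that hosts below the minimum version enforce device control without any record of blocked connections reaching the dashboard, since that is the visibility gap an operator has to plan around.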
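Review bot: In PATCH 3/3, hunk `@@ -252,7 +252,7 @@`, the first sentence now says "at least version 9.2.0" but the following sentence still reads "Until you update it to this version", which points at exactly 9.2.0. Wording such as "Until you update to 9.2.0 or later" would make the two sentences agree. It is also unclear from "must be updated" whether this means the integration in the policy or the endpoint on each host; name the component that has to reach 9.2.0.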