Trusted Applications #245

@caitlinbetz

Meta Issue: https://github.com/elastic/security-team/issues/156

Description

Background:
Users expect to be able to use Elastic Security without any conflicts or compatibility issues with other installed applications on their system. They want to be able to intentionally exclude some processes from being monitored and make them completely trusted - or, conditionally trusted. This is easier on the user than adding multiple entries to their allowlist in order to ensure an application can be used.

User Story/Problem Statement(s):

As an Elastic endpoint security user, I want to be able to trust applications by defining what process to trust, so that I can ensure there are no compatibility or performance issues with applications I need in my environment.

Acceptance Test Criteria

  • User can add trusted apps by OS
  • User can add an entry by Process Path
  • User can wildcard the process path
  • User can add entry by Hash
  • User can view a list of Trusted Apps
  • We do not automatically trust child processes of a trusted process
  • Users are able to access Trusted Apps from the Fleet application through the "edit" integration page

Notes

  • Team: endpoint management (Kevin/Caitlin)
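
An added example, not part of the original issue and not Elastic's implementation: a sketch of how the acceptance criteria above (entries scoped by OS, matching by process path with wildcards or by hash, no inherited trust for child processes) could be evaluated against a process event. The class names, field names, the case-insensitive handling of Windows paths and the sample entries are all assumptions made for illustration.

```python
import fnmatch
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustedApp:            # hypothetical entry shape
    os: str                  # "windows", "linux" or "macos"
    field: str               # "path" or "hash"
    value: str               # path pattern (wildcards allowed) or SHA-256 hex


@dataclass(frozen=True)
class ProcessEvent:          # hypothetical event shape
    os: str
    path: str
    sha256: str
    parent_path: str = ""    # recorded, but never consulted for trust


def _norm(os_name: str, path: str) -> str:
    # Assumption: Windows paths compare case-insensitively, others exactly.
    return path.lower() if os_name == "windows" else path


def is_trusted(event: ProcessEvent, entries: list) -> bool:
    """True only if the process itself matches an entry for its own OS."""
    for entry in entries:
        if entry.os != event.os:
            continue  # entries are added per OS
        if entry.field == "hash":
            if entry.value.lower() == event.sha256.lower():
                return True
        elif entry.field == "path":
            # fnmatch's "*" also crosses directory separators, so one
            # wildcard covers every subfolder below the prefix.
            if fnmatch.fnmatchcase(_norm(event.os, event.path),
                                   _norm(entry.os, entry.value)):
                return True
    # parent_path is ignored on purpose: a child of a trusted process
    # is not trusted unless it matches an entry on its own.
    return False


# Constructed sample entries, not taken from the issue.
SAMPLE_ENTRIES = [
    TrustedApp("windows", "path", r"C:\Program Files\BackupTool\*.exe"),
    TrustedApp("linux", "hash", "ab" * 32),
]
```

A path entry trusts whatever file sits at a matching path, while a hash entry trusts one exact binary, so wildcard path entries are the broader of the two.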
