diff --git a/docs/getting-started/install-endpoint.asciidoc b/docs/getting-started/install-endpoint.asciidoc index e60eff009c..0479e2ee32 100644 --- a/docs/getting-started/install-endpoint.asciidoc +++ b/docs/getting-started/install-endpoint.asciidoc @@ -13,7 +13,7 @@ NOTE: Configuring the Endpoint Integration on the Elastic Agent requires that th [[security-before-you-begin]] == Before you begin -If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that you have enabled <>. Lastly, review the Elastic Security system requirements. +If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that you have enabled <>. Lastly, review the <>. [discrete] [[add-security-integration]] @@ -24,15 +24,15 @@ If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that [role="screenshot"] image::images/install-endpoint/security-integration.png[] + -2. On the Administration page of the security app or the Elastic Endpoint Security integration page in Ingest Manager, select **Add Endpoint Security**. The integration configuration page appears. -3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or adds security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings]. -4. Configure the Elastic Endpoint Security integration with a name and optional description. When done configuring, select **Save integration**. Kibana redirects you back to the administration section of the security app. +2. On the Administration page of the {security-app} or the Elastic Endpoint Security integration page in Fleet, select **Add Endpoint Security**. The integration configuration page appears. +3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or add security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings]. +4. Configure the Elastic Endpoint Security integration with a name and optional description. When configuration is complete, select **Save integration**. Kibana redirects you back to the administration section of the {security-app}. + [role="screenshot"] image::images/install-endpoint/add-elastic-endpoint-security.png[] + -5. On the Enable Elastic Endpoint Security on your Agent's page, select the name of your new integration. To enroll your Agents with Endpoint Security, select **Enroll Agent**. -6. Kibana redirects you back to Ingest manager to add the Elastic Agent to your host. +5. On the "Enable Elastic Endpoint Security" on your Agent's page, select the name of your new integration. To enroll your agents with Endpoint Security, select **Enroll Agent**. +6. Kibana redirects you back to Fleet to add the Elastic Agent to your host. [discrete] [[enroll-security-agent]] @@ -42,7 +42,7 @@ When integrating with the Elastic Agent, Elastic Endpoint Security **requires** IMPORTANT: Elastic Endpoint Security cannot be integrated with an Elastic Agent in Standalone mode. -1. Go to Ingest Manager. Select **Overview** > **Add agent**. +1. Go to Fleet. Select **Overview** > **Add agent**. + [role="screenshot"] image::images/install-endpoint/add-agent.png[] @@ -53,9 +53,9 @@ image::images/install-endpoint/add-agent.png[] [role="screenshot"] image::images/install-endpoint/endpoint-configuration.png[] + -4. After the Elastic Agent is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from Ingest Manager for your OS to enroll and run the Agent. +4. After the {agent} is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from Fleet for your OS to enroll and run the Agent. -After you have enrolled the Elastic Agent on your host, select **Continue**. The host now appears on the Hosts view page inside the Elastic Security app. +After you have enrolled the {agent} on your host, select **Continue**. The host now appears in the Endpoints list, located on the Administration page in the {security-app}. To unenroll an agent from your host, see {ingest-guide}/unenroll-elastic-agent.html[Unenroll Elastic Agent]. @@ -63,7 +63,7 @@ To unenroll an agent from your host, see {ingest-guide}/unenroll-elastic-agent.h [[enable-kernel-extension]] == Enable Elastic Endpoint kernel -When running the Elastic agent with endpoint integrated on macOS, you might be prompted to approve a kernel extension from "Endgame, Inc". To approve the extension: +When running the {agent} with endpoint integrated on macOS, you might be prompted to approve a kernel extension from "Endgame, Inc". To approve the extension: TIP: JAMF users can approve the Kernel the same way for the **Elastic Endgame** app. @@ -96,13 +96,13 @@ If the prompt does not appear when trying to run the Elastic Agent: After you have installed the agent, malware prevention is automatically enabled on protected hosts. If needed, you can configure malware protection settings to meet your company's security needs. -1. In the security app, select the **Admin** tab to view the Administration page. Remember that you must have admin permissions in {kib} to access this page. -2. From the **Integration** column, select the integration you want to configure. The Host Configuration page appears. -3. By default, the **Malware Protection Enabled** toggle is on. To disable malware protection, switch the toggle off. Malware protection levels are as follows: -* **Detect**: Detects malware on the host and generates an alert. When set to detect, the agent will **not** block malware. You must pay attention to and analyze any malware alerts that are generated. +1. In the security app, select the **Administration** tab to view the Endpoints list. Remember that you must have admin permissions in {kib} to access this page. +2. From the **Integration Policy** column, select the Policy you want to configure. The Integration Policy page appears. +3. By default, the **Malware Protections Enabled** toggle is on. To disable malware protection, switch the toggle off. Malware protection levels are as follows: +* **Detect**: Detects malware on the host and generates an alert. The agent will **not** block malware. You must pay attention to and analyze any malware alerts that are generated. * **Prevent** (Default): Detects malware on the host, blocks it from executing, and generates an alert. -4. Click **Save** to save changes to the integration. -5. On the dialog box that says, "Saving these changes will apply updates to number endpoints assigned to this agent policy," click **Save and Deploy changes**. If successful, a "Success" confirmation appears in the lower right corner. +4. Click **Save** to save changes to the Policy. +5. On the dialog that appears, click **Save and Deploy changes**. If successful, a "Success" confirmation appears in the lower-right corner. [role="screenshot"] image::images/install-endpoint/malware-protection.png[]