From df01f9a52b9e6b6c5e82a10d84716714f372f673 Mon Sep 17 00:00:00 2001 From: Janeen Mikell-Straughn Date: Tue, 20 Oct 2020 15:19:22 -0400 Subject: [PATCH 1/2] small malware config updates and other edits. --- .../getting-started/install-endpoint.asciidoc | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/docs/getting-started/install-endpoint.asciidoc b/docs/getting-started/install-endpoint.asciidoc index e60eff009c..652e37b223 100644 --- a/docs/getting-started/install-endpoint.asciidoc +++ b/docs/getting-started/install-endpoint.asciidoc @@ -13,7 +13,7 @@ NOTE: Configuring the Endpoint Integration on the Elastic Agent requires that th [[security-before-you-begin]] == Before you begin -If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that you have enabled <>. Lastly, review the Elastic Security system requirements. +If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that you have enabled <>. Lastly, review the <>. [discrete] [[add-security-integration]] 
@@ -24,25 +24,25 @@ If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that [role="screenshot"] image::images/install-endpoint/security-integration.png[] + -2. On the Administration page of the security app or the Elastic Endpoint Security integration page in Ingest Manager, select **Add Endpoint Security**. The integration configuration page appears. -3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or adds security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings]. -4. Configure the Elastic Endpoint Security integration with a name and optional description. When done configuring, select **Save integration**. Kibana redirects you back to the administration section of the security app. +2. On the Administration page of the {security-app} or the Elastic Endpoint Security integration page in {fleet}, select **Add Endpoint Security**. The integration configuration page appears. +3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or add security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings]. +4. Configure the Elastic Endpoint Security integration with a name and optional description. When configuration is complete, select **Save integration**. Kibana redirects you back to the administration section of the {security-app}. + [role="screenshot"] image::images/install-endpoint/add-elastic-endpoint-security.png[] + -5. On the Enable Elastic Endpoint Security on your Agent's page, select the name of your new integration. To enroll your Agents with Endpoint Security, select **Enroll Agent**. -6. Kibana redirects you back to Ingest manager to add the Elastic Agent to your host. +5. 
On the "Enable Elastic Endpoint Security" on your Agent's page, select the name of your new integration. To enroll your agents with Endpoint Security, select **Enroll Agent**. +6. Kibana redirects you back to {fleet} to add the Elastic Agent to your host. [discrete] [[enroll-security-agent]] == Configure and enroll Elastic Agent -When integrating with the Elastic Agent, Elastic Endpoint Security **requires** enrollment through Fleet to enable the integration. +When integrating with the Elastic Agent, Elastic Endpoint Security **requires** enrollment through {fleet} to enable the integration. IMPORTANT: Elastic Endpoint Security cannot be integrated with an Elastic Agent in Standalone mode. -1. Go to Ingest Manager. Select **Overview** > **Add agent**. +1. Go to {fleet}. Select **Overview** > **Add agent**. + [role="screenshot"] image::images/install-endpoint/add-agent.png[] @@ -53,9 +53,9 @@ image::images/install-endpoint/add-agent.png[] [role="screenshot"] image::images/install-endpoint/endpoint-configuration.png[] + -4. After the Elastic Agent is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from Ingest Manager for your OS to enroll and run the Agent. +4. After the {agent} is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from {fleet} for your OS to enroll and run the Agent. -After you have enrolled the Elastic Agent on your host, select **Continue**. The host now appears on the Hosts view page inside the Elastic Security app. +After you have enrolled the {agent} on your host, select **Continue**. The host now appears in the Endpoints list, located on the Administration page in the {security-app}. To unenroll an agent from your host, see {ingest-guide}/unenroll-elastic-agent.html[Unenroll Elastic Agent]. 
@@ -63,7 +63,7 @@ To unenroll an agent from your host, see {ingest-guide}/unenroll-elastic-agent.h [[enable-kernel-extension]] == Enable Elastic Endpoint kernel -When running the Elastic agent with endpoint integrated on macOS, you might be prompted to approve a kernel extension from "Endgame, Inc". To approve the extension: +When running the {agent} with endpoint integrated on macOS, you might be prompted to approve a kernel extension from "Endgame, Inc". To approve the extension: TIP: JAMF users can approve the Kernel the same way for the **Elastic Endgame** app. 
@@ -96,13 +96,13 @@ If the prompt does not appear when trying to run the Elastic Agent: After you have installed the agent, malware prevention is automatically enabled on protected hosts. If needed, you can configure malware protection settings to meet your company's security needs. -1. In the security app, select the **Admin** tab to view the Administration page. Remember that you must have admin permissions in {kib} to access this page. -2. From the **Integration** column, select the integration you want to configure. The Host Configuration page appears. -3. By default, the **Malware Protection Enabled** toggle is on. To disable malware protection, switch the toggle off. Malware protection levels are as follows: -* **Detect**: Detects malware on the host and generates an alert. When set to detect, the agent will **not** block malware. You must pay attention to and analyze any malware alerts that are generated. +1. In the security app, select the **Administration** tab to view the Endpoints list. Remember that you must have admin permissions in {kib} to access this page. +2. From the **Integration Policy** column, select the Policy you want to configure. The Integration Policy page appears. +3. By default, the **Malware Protections Enabled** toggle is on. To disable malware protection, switch the toggle off. Malware protection levels are as follows: +* **Detect**: Detects malware on the host and generates an alert. The agent will **not** block malware. You must pay attention to and analyze any malware alerts that are generated. * **Prevent** (Default): Detects malware on the host, blocks it from executing, and generates an alert. -4. Click **Save** to save changes to the integration. -5. On the dialog box that says, "Saving these changes will apply updates to number endpoints assigned to this agent policy," click **Save and Deploy changes**. If successful, a "Success" confirmation appears in the lower right corner. +4. Click **Save** to save changes to the Policy. 
+5. On the dialog that appears, click **Save and Deploy changes**. If successful, a "Success" confirmation appears in the lower-right corner. [role="screenshot"] image::images/install-endpoint/malware-protection.png[] From 73ba3b253552bc796c025095e178801ccfcea651 Mon Sep 17 00:00:00 2001 From: Janeen Mikell-Straughn Date: Tue, 20 Oct 2020 16:17:45 -0400 Subject: [PATCH 2/2] attempt to fix build errors. --- docs/getting-started/install-endpoint.asciidoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/getting-started/install-endpoint.asciidoc b/docs/getting-started/install-endpoint.asciidoc index 652e37b223..0479e2ee32 100644 --- a/docs/getting-started/install-endpoint.asciidoc +++ b/docs/getting-started/install-endpoint.asciidoc @@ -24,7 +24,7 @@ If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that [role="screenshot"] image::images/install-endpoint/security-integration.png[] + -2. On the Administration page of the {security-app} or the Elastic Endpoint Security integration page in {fleet}, select **Add Endpoint Security**. The integration configuration page appears. +2. On the Administration page of the {security-app} or the Elastic Endpoint Security integration page in Fleet, select **Add Endpoint Security**. The integration configuration page appears. 3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or add security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings]. 4. Configure the Elastic Endpoint Security integration with a name and optional description. When configuration is complete, select **Save integration**. Kibana redirects you back to the administration section of the {security-app}. + 
@@ -32,17 +32,17 @@ image::images/install-endpoint/security-integration.png[] image::images/install-endpoint/add-elastic-endpoint-security.png[] + 5. On the "Enable Elastic Endpoint Security" on your Agent's page, select the name of your new integration. To enroll your agents with Endpoint Security, select **Enroll Agent**. -6. Kibana redirects you back to {fleet} to add the Elastic Agent to your host. +6. Kibana redirects you back to Fleet to add the Elastic Agent to your host. [discrete] [[enroll-security-agent]] == Configure and enroll Elastic Agent -When integrating with the Elastic Agent, Elastic Endpoint Security **requires** enrollment through {fleet} to enable the integration. +When integrating with the Elastic Agent, Elastic Endpoint Security **requires** enrollment through Fleet to enable the integration. IMPORTANT: Elastic Endpoint Security cannot be integrated with an Elastic Agent in Standalone mode. -1. Go to {fleet}. Select **Overview** > **Add agent**. +1. Go to Fleet. Select **Overview** > **Add agent**. + [role="screenshot"] image::images/install-endpoint/add-agent.png[] @@ -53,7 +53,7 @@ image::images/install-endpoint/add-agent.png[] [role="screenshot"] image::images/install-endpoint/endpoint-configuration.png[] + -4. After the {agent} is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from {fleet} for your OS to enroll and run the Agent. +4. After the {agent} is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from Fleet for your OS to enroll and run the Agent. After you have enrolled the {agent} on your host, select **Continue**. The host now appears in the Endpoints list, located on the Administration page in the {security-app}.
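Review bot: In [PATCH 1/2], hunk `@@ -24,25 +24,25 @@`, the new step 5 reads `On the "Enable Elastic Endpoint Security" on your Agent's page`, which repeats "on" and leaves it unclear where the page title ends. Either put the full page title inside the quotation marks or rephrase so the sentence has a single "On the ... page" construction. In the same hunk, step 3 `add security integration to a custom or existing configuration` is missing an article; "add the security integration" reads cleanly.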
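Review bot: In [PATCH 1/2], hunk `@@ -96,13 +96,13 @@`, step 5 drops the quoted dialog text ("Saving these changes will apply updates to number endpoints assigned to this agent policy") and with it the statement that saving pushes the change to every endpoint assigned to the policy. Step 3 covers switching malware protection off or to **Detect**, where the agent does not block malware, so the reader should still be told the scope of what **Save and Deploy changes** affects; keep one sentence saying so. Two consistency points in the same hunk: step 1 still says `In the security app` while the other hunks switch to `{security-app}`, and "Policy" is capitalized as a common noun in steps 2 and 4 (`select the Policy you want to configure`, `save changes to the Policy`) although only "Integration Policy" is a UI label.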
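Review bot: [PATCH 2/2] replaces only `{fleet}` with the literal "Fleet", but `{agent}` and `{security-app}`, both introduced by the first patch, remain in these hunks (for example step 4 in hunk `@@ -53,7 +53,7 @@` and step 2 in hunk `@@ -24,7 +24,7 @@`). If the build error was an undefined attribute, confirm that these two are defined for this book, otherwise they can fail the same way. The commit message "attempt to fix build errors" does not say which error was hit; naming the failing attribute there would make the revert easier to follow and to undo once the attribute is available.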