Merged
32 changes: 16 additions & 16 deletions docs/getting-started/install-endpoint.asciidoc
Expand Up @@ -13,7 +13,7 @@ NOTE: Configuring the Endpoint Integration on the Elastic Agent requires that th
[[security-before-you-begin]]
== Before you begin

If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that you have enabled <<sensor-full-disk-access,Full Disk Access>>. Lastly, review the Elastic Security system requirements.
If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that you have enabled <<sensor-full-disk-access,Full Disk Access>>. Lastly, review the <<sec-requirements>>.

[discrete]
[[add-security-integration]]
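
Review bot: In the changed sentence under "Before you begin", `<<sec-requirements>>` carries no link text, so the rendered sentence depends on whatever title the target section has and reads "review the" followed by that title. The other cross-reference on the same line gives explicit text (`<<sensor-full-disk-access,Full Disk Access>>`); doing the same here, for example `<<sec-requirements,Elastic Security system requirements>>`, keeps the wording the old line had and survives a retitle of the target. "Lastly" introduces only the second of two items and could be dropped.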
Expand All @@ -24,15 +24,15 @@ If you're using the Elastic Agent on macOS Mojave (10.14) or later, ensure that
[role="screenshot"]
image::images/install-endpoint/security-integration.png[]
+
2. On the Administration page of the security app or the Elastic Endpoint Security integration page in Ingest Manager, select **Add Endpoint Security**. The integration configuration page appears.
3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or adds security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings].
4. Configure the Elastic Endpoint Security integration with a name and optional description. When done configuring, select **Save integration**. Kibana redirects you back to the administration section of the security app.
2. On the Administration page of the {security-app} or the Elastic Endpoint Security integration page in Fleet, select **Add Endpoint Security**. The integration configuration page appears.
3. Select a configuration for the Elastic Agent. You can use either the **Default config**, or add security integration to a custom or existing configuration. For more details on Elastic Agent configuration settings, see {ingest-guide}/elastic-agent-configuration.html[Configuration settings].
4. Configure the Elastic Endpoint Security integration with a name and optional description. When configuration is complete, select **Save integration**. Kibana redirects you back to the administration section of the {security-app}.
+
[role="screenshot"]
image::images/install-endpoint/add-elastic-endpoint-security.png[]
+
5. On the Enable Elastic Endpoint Security on your Agent's page, select the name of your new integration. To enroll your Agents with Endpoint Security, select **Enroll Agent**.
6. Kibana redirects you back to Ingest manager to add the Elastic Agent to your host.
5. On the "Enable Elastic Endpoint Security" on your Agent's page, select the name of your new integration. To enroll your agents with Endpoint Security, select **Enroll Agent**.
6. Kibana redirects you back to Fleet to add the Elastic Agent to your host.

[discrete]
[[enroll-security-agent]]
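
Review bot: Step 5 now reads `On the "Enable Elastic Endpoint Security" on your Agent's page`, which has "on" twice and leaves it unclear where the page title ends. If the title is the whole phrase, quote all of it and follow it with "page"; otherwise reword to something like `On the "Enable Elastic Endpoint Security" page`. In step 3, "add security integration" is missing an article ("add the security integration"), and steps 3, 5 and 6 still spell out "Elastic Agent" and mix "agents" with "Agent's" while other hunks in this change move to `{agent}`.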
Expand All @@ -42,7 +42,7 @@ When integrating with the Elastic Agent, Elastic Endpoint Security **requires**

IMPORTANT: Elastic Endpoint Security cannot be integrated with an Elastic Agent in Standalone mode.

1. Go to Ingest Manager. Select **Overview** > **Add agent**.
1. Go to Fleet. Select **Overview** > **Add agent**.
+
[role="screenshot"]
image::images/install-endpoint/add-agent.png[]
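
Review bot: The IMPORTANT admonition above step 1, and the sentence before it, still write "Elastic Agent" literally, while later hunks in this file switch to the `{agent}` attribute. This section is already being touched for the Ingest Manager to Fleet rename, so convert those two occurrences as well and keep the enrollment section on one form.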
Expand All @@ -53,17 +53,17 @@ image::images/install-endpoint/add-agent.png[]
[role="screenshot"]
image::images/install-endpoint/endpoint-configuration.png[]
+
4. After the Elastic Agent is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from Ingest Manager for your OS to enroll and run the Agent.
4. After the {agent} is installed on your host machine, open a command-line interface, and navigate to your Agent's directory. Copy the commands from Fleet for your OS to enroll and run the Agent.

After you have enrolled the Elastic Agent on your host, select **Continue**. The host now appears on the Hosts view page inside the Elastic Security app.
After you have enrolled the {agent} on your host, select **Continue**. The host now appears in the Endpoints list, located on the Administration page in the {security-app}.

To unenroll an agent from your host, see {ingest-guide}/unenroll-elastic-agent.html[Unenroll Elastic Agent].

[discrete]
[[enable-kernel-extension]]
== Enable Elastic Endpoint kernel

When running the Elastic agent with endpoint integrated on macOS, you might be prompted to approve a kernel extension from "Endgame, Inc". To approve the extension:
When running the {agent} with endpoint integrated on macOS, you might be prompted to approve a kernel extension from "Endgame, Inc". To approve the extension:

TIP: JAMF users can approve the Kernel the same way for the **Elastic Endgame** app.

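Review bot: Step 4 mixes three forms in two sentences: `{agent}`, "your Agent's directory" and "run the Agent". Use the attribute or a lowercase "agent" for the follow-on mentions so the capitalised word is not read as a separate product name. In the kernel-extension section, the TIP sits between "To approve the extension:" and the steps it introduces; moving it after the steps keeps the lead-in attached to its list, and "approve the Kernel" there should read "approve the kernel extension".
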
Expand Down Expand Up @@ -96,13 +96,13 @@ If the prompt does not appear when trying to run the Elastic Agent:

After you have installed the agent, malware prevention is automatically enabled on protected hosts. If needed, you can configure malware protection settings to meet your company's security needs.

1. In the security app, select the **Admin** tab to view the Administration page. Remember that you must have admin permissions in {kib} to access this page.
2. From the **Integration** column, select the integration you want to configure. The Host Configuration page appears.
3. By default, the **Malware Protection Enabled** toggle is on. To disable malware protection, switch the toggle off. Malware protection levels are as follows:
* **Detect**: Detects malware on the host and generates an alert. When set to detect, the agent will **not** block malware. You must pay attention to and analyze any malware alerts that are generated.
1. In the security app, select the **Administration** tab to view the Endpoints list. Remember that you must have admin permissions in {kib} to access this page.
2. From the **Integration Policy** column, select the Policy you want to configure. The Integration Policy page appears.
3. By default, the **Malware Protections Enabled** toggle is on. To disable malware protection, switch the toggle off. Malware protection levels are as follows:
* **Detect**: Detects malware on the host and generates an alert. The agent will **not** block malware. You must pay attention to and analyze any malware alerts that are generated.
* **Prevent** (Default): Detects malware on the host, blocks it from executing, and generates an alert.
4. Click **Save** to save changes to the integration.
5. On the dialog box that says, "Saving these changes will apply updates to number endpoints assigned to this agent policy," click **Save and Deploy changes**. If successful, a "Success" confirmation appears in the lower right corner.
4. Click **Save** to save changes to the Policy.
5. On the dialog that appears, click **Save and Deploy changes**. If successful, a "Success" confirmation appears in the lower-right corner.

[role="screenshot"]
image::images/install-endpoint/malware-protection.png[]
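
Review bot: Step 5 drops the dialog text that said the save applies to the endpoints assigned to the agent policy, so the reader no longer learns that **Save and Deploy changes** affects every endpoint on that policy. That matters most when someone switches from **Prevent** to **Detect** or turns the toggle off; keep one clause saying so, for example "the change is applied to all endpoints assigned to this policy". Step 1 still says "In the security app" where the earlier hunks use `{security-app}`, and "the Policy" in steps 2 and 4 is capitalised as if it were a UI label; lowercase it where it is not the column or page name.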