-
Notifications
You must be signed in to change notification settings - Fork 180
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update macOS Endpoint install and deploy documentation for Ventura (#…
…3161) Co-authored-by: Joe Peeples <[email protected]> Co-authored-by: Yamin Tian <[email protected]> (cherry picked from commit 0c82ecf)
- Loading branch information
1 parent
d993af0
commit 8382a8f
Showing
16 changed files
with
126 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[[elastic-endpoint-deploy-reqs]] | ||
= {elastic-endpoint} requirements | ||
|
||
:frontmatter-description: Manually install and deploy Elastic Endpoint. | ||
:frontmatter-tags-products: [security] | ||
:frontmatter-tags-content-type: [other] | ||
:frontmatter-tags-user-goals: [secure] | ||
|
||
To properly deploy {elastic-endpoint} without a Mobile Device Management (MDM) profile, you must manually enable additional permissions on the endpoint before {elastic-endpoint} can be fully functional. For more information, refer to the instructions for your macOS version: | ||
|
||
* <<deploy-elastic-endpoint>> | ||
* <<deploy-elastic-endpoint-ven>> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
101 changes: 101 additions & 0 deletions
101
docs/getting-started/install-elastic-endpoint-ven.asciidoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
[[deploy-elastic-endpoint-ven]] | ||
= Install {elastic-endpoint} manually on macOS Ventura and higher | ||
|
||
:frontmatter-description: Manually install and deploy Elastic Endpoint on macOS Ventura and higher. | ||
:frontmatter-tags-products: [security] | ||
:frontmatter-tags-content-type: [how-to] | ||
:frontmatter-tags-user-goals: [secure] | ||
|
||
|
||
To properly install and configure {elastic-endpoint} manually without a Mobile Device Management (MDM) profile, there are additional permissions that must be enabled on the endpoint before {elastic-endpoint} can be fully functional: | ||
|
||
* <<system-extension-endpoint-ven, Approve the system extension>> | ||
* <<allow-filter-content-ven, Approve network content filtering>> | ||
* <<enable-fda-endpoint-ven, Enable Full Disk Access>> | ||
|
||
NOTE: The following permissions that need to be enabled are required after you <<install-endpoint, configure and install the {elastic-defend} integration>>, which includes <<enroll-security-agent, enrolling the {agent}>>. | ||
|
||
[discrete] | ||
[[system-extension-endpoint-ven]] | ||
== Approve the system extension for {elastic-endpoint} | ||
|
||
For macOS Ventura (13.0) and later, {elastic-endpoint} will attempt to load a system extension during installation. This system extension must be loaded in order to provide insight into system events such as process events, file system events, and network events. | ||
|
||
The following message appears during installation: | ||
|
||
[role="screenshot"] | ||
image::install-endpoint-ven/system_extension_blocked_warning_ven.png[] | ||
|
||
. Click *Open System Settings*. | ||
. In the left pane, click *Privacy & Security*. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/privacy_security_ven.png[] | ||
+ | ||
. On the right pane, scroll down to the Security section. Click *Allow* to allow the ElasticEndpoint system extension to load. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/allow_system_extension_ven.png[] | ||
|
||
. Enter your username and password and click **Modify Settings** to save your changes. | ||
|
||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/enter_login_details_to_confirm_ven.png[] | ||
|
||
[discrete] | ||
[[allow-filter-content-ven]] | ||
== Approve network content filtering for {elastic-endpoint} | ||
|
||
After successfully loading the ElasticEndpoint system extension, an additional message appears, asking to allow {elastic-endpoint} to filter network content. | ||
|
||
[role="screenshot"] | ||
image::install-endpoint-ven/allow_network_filter_ven.png[] | ||
|
||
Click *Allow* to enable content filtering for the ElasticEndpoint system extension. Without this approval, {elastic-endpoint} cannot receive network events and, therefore, cannot enable network-related features such as <<host-isolation-ov, host isolation>>. | ||
|
||
[discrete] | ||
[[enable-fda-endpoint-ven]] | ||
== Enable Full Disk Access for {elastic-endpoint} | ||
|
||
{elastic-endpoint} requires Full Disk Access to subscribe to system events via the {elastic-defend} framework and to protect your network from malware and other cybersecurity threats. Full Disk Access permissions is a privacy feature introduced in macOS Mojave (10.14) that prevents some applications from accessing your data. | ||
|
||
If you have not granted Full Disk Access, the following notification prompt will appear. | ||
|
||
[role="screenshot"] | ||
image::install-endpoint-ven/allow_full_disk_access_notification_ven.png[] | ||
|
||
To enable Full Disk Access, you must manually approve {elastic-endpoint}. | ||
|
||
NOTE: The following instructions apply only to {elastic-endpoint} running {stack} version 8.0.0 and later. To see Full Disk Access requirements for the Endgame sensor, refer to <<endgame-sensor-full-disk-access>>. | ||
|
||
. Open the *System Settings* application. | ||
. In the left pane, select *Privacy & Security*. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/privacy_security_ven.png[] | ||
+ | ||
. From the right pane, select *Full Disk Access*. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/select_fda_ven.png[Select Full Disk Access] | ||
+ | ||
. Enable `ElasticEndpoint` and `co.elastic` to properly enable Full Disk Access. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/allow_fda_ven.png[] | ||
|
||
If the endpoint is running {stack} version 7.17.0 or earlier: | ||
|
||
. Click the *+* button to view *Finder*. | ||
. The system may prompt you to enter your username and password if you haven't already. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/enter_login_details_to_confirm_ven.png[] | ||
+ | ||
. Navigate to `/Library/Elastic/Endpoint`, then select the `elastic-endpoint` file. | ||
. Click *Open*. | ||
. In the *Privacy* tab, confirm that `ElasticEndpoint` and `co.elastic.systemextension` are selected to properly enable Full Disk Access. | ||
+ | ||
[role="screenshot"] | ||
image::install-endpoint-ven/verify_fed_granted_ven.png[Select Full Disk Access] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+19.5 KB
...etting-started/install-endpoint-ven/allow_full_disk_access_notification_ven.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+33.9 KB
docs/getting-started/install-endpoint-ven/allow_network_filter_ven.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+21.7 KB
.../getting-started/install-endpoint-ven/allow_notifications_from_endpoint_ven.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+179 KB
docs/getting-started/install-endpoint-ven/allow_system_extension_ven.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+155 KB
docs/getting-started/install-endpoint-ven/enter_login_details_to_confirm_ven.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added
BIN
+39 KB
docs/getting-started/install-endpoint-ven/system_extension_blocked_warning_ven.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters