Scan response action [ESS] (#5563) (#5613)
* Update features privileges page

* Update response actions page

* Update response actions page (serverless)

* li'l edit

* 'nother li'l edit

* Revert change to serverless file

* Apply suggestions from Nastasha's review

Co-authored-by: Nastasha Solomon <[email protected]>

---------

Co-authored-by: Nastasha Solomon <[email protected]>
(cherry picked from commit 26aee2a)

Co-authored-by: Joe Peeples <[email protected]>
mergify[bot] and joepeeples authored Jul 25, 2024


This commit was signed with the committer’s verified signature.
aelesbao Augusto Elesbão
1 parent d4c8c58 commit 91a0819
Showing 3 changed files with 16 additions and 0 deletions.
3 changes: 3 additions & 0 deletions docs/getting-started/defend-feature-privs.asciidoc
@@ -57,6 +57,9 @@ To grant access, select *All* for the *Security* feature in the *{kib} privilege
a| Perform shell commands and script-related <<response-actions,response actions>> in the response console.

WARNING: The commands are run on the host using the same user account running the {elastic-defend} integration, which normally has full control over the system. Only grant this feature privilege to {elastic-sec} users who require this level of access.

| *Scan Operations*
| Perform folder scan <<response-actions,response actions>> in the response console.
|==============================================

[discrete]
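Review bot: the new *Scan Operations* row describes the privilege as "Perform folder scan", but the `scan` command this privilege gates (documented in response-actions.asciidoc in this same commit) accepts `--path` pointing at "a file or directory", so the row undersells what the privilege allows; suggest "Perform file and folder scan <<response-actions,response actions>> in the response console." so the privileges table and the command reference agree on scope. Consider also whether the WARNING above the *Execute Operations* row applies here: a scan runs with the {elastic-defend} integration's account and can read any path on the host, so a short note on the access this implies would help an admin decide who gets it.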
Binary file modified docs/getting-started/images/endpoint-privileges.png
13 changes: 13 additions & 0 deletions docs/management/admin/response-actions.asciidoc
@@ -173,6 +173,19 @@ TIP: You can follow this with the `execute` response action to upload and run sc

NOTE: The default file size maximum is 25 MB, configurable in `kibana.yml` with the `maxUploadResponseActionFileBytes` setting. You must enter the value in bytes (the maximum is `104857600` bytes, or 100 MB).

[discrete]
=== `scan`

Scan a specific file or directory on the host for malware. The scan uses the <<malware-protection,malware protection settings>> (such as **Detect** or **Prevent** options, or enabling the blocklist) as configured in the host's associated {elastic-defend} integration policy. Use these parameters:

* `--path` : (Required) The absolute path to a file or directory to be scanned.

Required privilege: *Scan Operations*

Example: `scan --path "/Users/username/Downloads" --comment "Scan Downloads folder for malware"`

NOTE: Scanning can take longer for directories containing a lot of files.

[discrete]
[[supporting-commands-parameters]]
== Supporting commands and parameters

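Review bot: the `scan` section does not say what the scan actually does with a file it finds malicious. Pointing at the **Detect** or **Prevent** options leaves the reader guessing whether a scan under a Prevent policy quarantines files or only generates alerts, and whether a scan does anything at all when malware protection is disabled in the policy; state the outcome for each case explicitly. Two smaller points: `--comment` is used in the example but not listed under "Use these parameters" (if it is covered by the Supporting commands and parameters section below, say so or link it, as the example otherwise looks incomplete), and since `--path` is documented as an absolute path, a second example with a Windows path alongside the `/Users/username/Downloads` one would make clear that the macOS/Linux form is not the only accepted shape.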