
[BUG] Endpoint Trusted Applications docs need to mention that process events will always be generated #3489

Closed
2 tasks done
ferullo opened this issue Jun 22, 2023 · 3 comments
Assignees
Labels
bug Something isn't working Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Effort: Small Issues that can be resolved quickly Feature: Elastic Defend Priority: Medium Issues that have relevance, but aren't urgent v8.12.0

Comments

@ferullo
Collaborator

ferullo commented Jun 22, 2023

Description: The Endpoint Trusted Applications documentation doesn't mention that processes that match Trusted Applications still intentionally generate process create and terminate events that are written to Elasticsearch. This is done to preserve process lineage information in the stack, which for instance is used to render Analyze Events graphs. Can we get the document updated to clear up this confusion?

If a user does want to prevent process create and terminate events for Trusted Applications from being written to Elasticsearch, they can use an Event Filter to suppress them.

Doc URL link or topic name: https://www.elastic.co/guide/en/security/current/trusted-apps-ov.html
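The distinction the issue asks the docs to spell out (a trusted application leaves process start/end events untouched; only an event filter stops them from being written) can be made concrete with a small model. The following is an added example, not Elastic's code or anything from the linked docs: it routes constructed ECS-style sample events through a toy trusted-application check and a toy event filter. The entry shape (field / operator / type / value) mirrors Kibana exception-list entries, but supporting only the match, match_any and wildcard types, the choice of ECS field names, and the "written_trusted" label are assumptions made for this illustration.

```python
"""Toy model of Elastic Defend trusted applications vs. event filters.

Added example, not Elastic's code. It encodes the behaviour the issue
describes: a process that matches a trusted application still produces
process start/end events (so process lineage survives); only a matching
event filter suppresses an event before it is written. Entry shape
mirrors Kibana exception-list entries; the supported entry types and the
ECS field names used below are assumptions for this illustration.
"""
from fnmatch import fnmatchcase

# Constructed sample events in ECS-style shape (not real Defend telemetry).
SAMPLE_EVENTS = [
    {"event": {"category": "process", "action": "start"},
     "process": {"executable": "/usr/local/bin/backup-agent", "pid": 4100}},
    {"event": {"category": "file", "action": "creation"},
     "process": {"executable": "/usr/local/bin/backup-agent", "pid": 4100},
     "file": {"path": "/var/backups/2023-06-22.tar"}},
    {"event": {"category": "process", "action": "end"},
     "process": {"executable": "/usr/local/bin/backup-agent", "pid": 4100}},
    {"event": {"category": "process", "action": "start"},
     "process": {"executable": "/usr/bin/bash", "pid": 4200}},
]

# Trusted application (hypothetical): backup-agent is exempt from protections.
TRUSTED_APPS = [[
    {"field": "process.executable", "operator": "included",
     "type": "match", "value": "/usr/local/bin/backup-agent"},
]]

# Event filter (hypothetical): drop only backup-agent's process start/end events,
# not its file events. All entries of one item must match (AND).
EVENT_FILTERS = [[
    {"field": "process.executable", "operator": "included",
     "type": "wildcard", "value": "/usr/local/bin/backup-*"},
    {"field": "event.category", "operator": "included",
     "type": "match", "value": "process"},
    {"field": "event.action", "operator": "included",
     "type": "match_any", "value": ["start", "end"]},
]]


def get_field(doc, dotted):
    """Resolve a dotted ECS field name against a nested dict; None if absent."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def entry_matches(doc, entry):
    """Evaluate one entry; 'excluded' negates the comparison."""
    actual = get_field(doc, entry["field"])
    kind = entry["type"]
    if kind == "match":
        hit = actual == entry["value"]
    elif kind == "match_any":
        hit = actual in entry["value"]
    elif kind == "wildcard":
        hit = actual is not None and fnmatchcase(str(actual), entry["value"])
    else:
        raise ValueError(f"unsupported entry type {kind!r}")
    return hit if entry["operator"] == "included" else not hit


def item_matches(doc, entries):
    """An item matches only when every one of its entries matches."""
    return all(entry_matches(doc, e) for e in entries)


def route_event(doc, trusted_apps, event_filters):
    """Decide what happens to one event.

    "suppressed": an event filter matched, nothing is written.
    "written_trusted": the process matches a trusted application; it is
        exempt from protections but the event is still written.
    "written": no match at all.
    """
    if any(item_matches(doc, item) for item in event_filters):
        return "suppressed"
    if any(item_matches(doc, item) for item in trusted_apps):
        return "written_trusted"
    return "written"


def summarize(events, trusted_apps, event_filters):
    """Count how the events are routed."""
    counts = {"written": 0, "written_trusted": 0, "suppressed": 0}
    for doc in events:
        counts[route_event(doc, trusted_apps, event_filters)] += 1
    return counts


if __name__ == "__main__":
    # Trusted app alone: every backup-agent event, process start/end included, is written.
    print(summarize(SAMPLE_EVENTS, TRUSTED_APPS, []))
    # Trusted app plus event filter: the two lifecycle events are dropped, the file event stays.
    print(summarize(SAMPLE_EVENTS, TRUSTED_APPS, EVENT_FILTERS))
```

Scoping the filter on event.category and event.action keeps the backup-agent file event while dropping its process start and end events; a filter on process.executable alone would drop everything that process generates. Either way, once the lifecycle events are suppressed the lineage information the issue mentions is no longer available for Analyze Events graphs, which is the trade-off the docs should state alongside the event-filter option.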


@ferullo ferullo added the bug Something isn't working label Jun 22, 2023
@ferullo
Collaborator Author

ferullo commented Jun 22, 2023

cc @nfritts @nicholasberlin @gabriellandau

@gabriellandau gabriellandau changed the title from "[BUG]" to "[BUG] Endpoint Trusted Applications docs need to mention that process events will always be generated" Jun 22, 2023
@caitlinbetz

Thanks @ferullo, we mention this briefly on the Optimize Defend page, but it would be beneficial to include those bullets in the respective artifact main pages.

@joepeeples joepeeples self-assigned this Jun 23, 2023
@joepeeples joepeeples added v8.9.0 Priority: Medium Issues that have relevance, but aren't urgent Effort: Small Issues that can be resolved quickly labels Jun 23, 2023
@joepeeples joepeeples added v8.12.0 and removed v8.9.0 labels Nov 9, 2023
@joepeeples joepeeples added Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release labels Nov 29, 2023
@joepeeples
Contributor

Serverless OK to publish whenever content is ready
