Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scan response action [ESS] #5563

Merged
merged 9 commits into from
Jul 25, 2024
Merged
Show file tree
Hide file tree
Changes from 6 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/getting-started/defend-feature-privs.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,9 @@ To grant access, select *All* for the *Security* feature in the *{kib} privilege
a| Perform shell commands and script-related <<response-actions,response actions>> in the response console.

WARNING: The commands are run on the host using the same user account running the {elastic-defend} integration, which normally has full control over the system. Only grant this feature privilege to {elastic-sec} users who require this level of access.

| *Scan Operations*
| Perform folder scan <<response-actions,response actions>> in the response console.
|==============================================

[discrete]
Expand Down
Binary file modified docs/getting-started/images/endpoint-privileges.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
13 changes: 13 additions & 0 deletions docs/management/admin/response-actions.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,19 @@ TIP: You can follow this with the `execute` response action to upload and run sc

NOTE: The default file size maximum is 25 MB, configurable in `kibana.yml` with the `maxUploadResponseActionFileBytes` setting. You must enter the value in bytes (the maximum is `104857600` bytes, or 100 MB).

[discrete]
=== `scan`

Scan a specific file or directory on the host for malware. The scan uses the <<malware-protection,malware protection settings>> (such as Detect or Prevent options, or enabling the blocklist) as configured in the host's associated {elastic-defend} integration policy. Use these parameters:
joepeeples marked this conversation as resolved.
Show resolved Hide resolved

* `--path` : (Required) The absolute path to a file or directory to be scanned.

Required privilege: *Scan Operations*

Example: `scan --path "/Users/username/Downloads" --comment "Scan Downloads folder for malware"`

NOTE: Scanning can take longer for directories containing a lot of files.

[discrete]
[[supporting-commands-parameters]]
== Supporting commands and parameters
Expand Down