Hello,
I wonder, if there's possibility for elastic-agent to distinguish between actions in docker/containers/k8s and actions occuring directly on host.
The issue is there are bunch of FP alerts, which are related to containers and are confusing and add additional toil for analysts
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.