Hi there,
I rolled out Elastic Defend to my Kali Linux VM. On this machine the Agent is degraded, with Elastic Defend showing a problem "configure network events".
{"@timestamp":"2023-09-30T10:41:44.190134275Z","agent":{"id":"8a32fc53-b229-46ea-9418-7e877894bdb0","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"info","origin":{"file":{"line":639,"name":"Response.cpp"}}},"message":"Response.cpp:639 Setting behavior_protection to failure because of configure_network_events status","process":{"pid":614291,"thread":{"id":614300}}}
Guess there's a problem attaching to the relevant sources?
@GKre thanks for reaching out and sharing the issue you are seeing. Are you able to supply some more details about the Kali VM you are running? The output of the following would provide us with a good starting point.
# uname -a
Can you also share the version of the Elastic stack you are running as well as the version of Elastic Defend?
This is related to changes in the network stack in the latest Linux kernel (6.5 and onward) which some of our probes were incompatible with. This issue is fixed now and will roll out in the new 8.11 and also 8.10.3 I believe.