Elastic Defend Degraded - Configure Network Events

Hi there,
I rolled out Elastic Defend to my Kali Linux VM. On this machine the Agent is degraded with Elastic Defend showing a problem "configure network events".

{"@timestamp":"2023-09-30T10:41:44.190134275Z","agent":{"id":"8a32fc53-b229-46ea-9418-7e877894bdb0","type":"endpoint"},"ecs":{"version":"1.11.0"},"log":{"level":"info","origin":{"file":{"line":639,"name":"Response.cpp"}}},"message":"Response.cpp:639 Setting behavior_protection to failure because of configure_network_events status","process":{"pid":614291,"thread":{"id":614300}}}
Guess there's a problem attaching to the relevant sources?

@GKre thanks for reaching out and sharing the issue you are seeing. Are you able to supply some more details about the Kali VM you are running? The output of the following would provide us with a good starting point.

# uname -a 

Can you also share the version of the Elastic stack you are running as well as the version of Elastic Defend?

Yes, of course - I also have log files, but I do not know how to share them with this community.

uname -a
Linux kali 6.5.0-kali1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.3-1kali1 (2023-09-19) x86_64 GNU/Linux

I am running 8.10.1 and Defend is on 8.10.2.

Hi,

This is related to changes in the network stack in the latest Linux kernel (6.5 and onward) which some of our probes were incompatible with. This issue is fixed now and will roll out in the new 8.11 and also 8.10.3 I believe.
