Hi @ManuelF thanks for trying out Endpoint Security.
I'll focus on your first question regarding the Security tab.
- Under Security/Administration/Hosts, I am able to see only the Windows machine. Is it to be expected that machines running Linux/Debian are not shown here? Only Windows or Mac? If Debian hosts should be here too, can you please help me to fix what I am missing or doing wrong?
First, you should check if the Endpoint is successfully connecting to Elasticsearch. Can you take a look at the Endpoint logs on your Linux machine? They should be located here: /opt/Elastic/Endpoint/state/log/
In the logs, if you see the message: Elasticsearch connection is down repeatedly, then the Endpoint isn't streaming any data to ES that the Security tab uses.
If you do not see the message that ES connection is down, refer to this post that troubleshoots some other connection issues: Endpoint 7.9 "Degraded and dashboards" - #18 by ferullo
If it looks like you're connected to ES and streaming data, let me know what else you see in the logs, or feel free to share them directly if you're comfortable with that, and we can dive deeper.
I will pull in someone else who is more familiar with Observability to help with your second question.