Elastic XDR - Capabilities

Elastic XDR – 1. Can you perform a host scan on the Console? If so, how do you do that?
2. How do you read agent logs in terms of troubleshooting?
3. If the Agent is in Unhealthy status, how do you troubleshoot the issue step by step?
4. Is it possible to consider as a roadmap item adding a "Process name" when performing trusted applications?
5. How do you remediate the high usage of CPU on the Elastic Agent? CSV extractions
6. How do you pull a list of endpoints and servers on the Elastic Platform?

Hi @Charles_Nkuna. Thanks for your post, and for using Elastic Security. Please find my responses to your questions below.

1. Can you perform a host scan on the Console? If so, how do you do that?

Defend scans for malware as it is created, modified, and executed. Anything on disk will be scanned before it can execute and cause harm. There's no current capability to walk the filesystem and scan each file at rest.

2. How do you read agent logs in terms of troubleshooting?

Please reference the following documentation for insight into viewing logs: Monitor Elastic Agents | Fleet and Elastic Agent Guide [8.13] | Elastic

3. If the Agent is in Unhealthy status, how do you troubleshoot the issue step by step?

For specifics around what on the Endpoint may be causing an unhealthy status, please see Endpoint management | Elastic Security Solution [8.13] | Elastic

For Fleet- and Agent-related troubleshooting, we recommend using Troubleshoot common problems | Fleet and Elastic Agent Guide [8.13] | Elastic as a reference and starting point.

4. Is it possible to consider as a roadmap item adding a "Process name" when performing trusted applications?

Noted

5. How do you remediate the high usage of CPU on the Elastic Agent?

Here is some guidance to help with CPU troubleshooting: endpoint/EndpointTopCommand.md at main · elastic/endpoint · GitHub

6. How do you pull a list of endpoints and servers on the Elastic Platform?

Hi Caitlinbetz,

Thanks for the response.

  1. Based on the scanning of the individual host, so you can't run a quick scan or full scan on the agent via the console, in simple terms?

  2. Pulling the list of the endpoints on the console using Discover, the query shared seems to duplicate the endpoints in the output.
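The duplicates in point 2 are what you get when each endpoint reports its metadata repeatedly, so a Discover search returns one document per report rather than one per host. As an added example (not code from this thread or from Elastic), the Python below collapses such exported hits to one row per agent.id, keeping the newest report, and emits the CSV asked for in question 5. The field names are ECS; the sample documents are constructed, and the exact index and fields in a given deployment are an assumption.

```python
from datetime import datetime, timezone
from typing import Iterable

# Constructed sample hits, shaped like endpoint metadata documents exported from
# Discover. Field names (agent.id, host.name, @timestamp) are ECS; the exact
# index and fields present in your deployment are an assumption here.
SAMPLE_DOCS = [
    {"@timestamp": "2024-05-01T10:00:00Z", "agent.id": "a1", "host.name": "web-01", "host.os.name": "Windows"},
    {"@timestamp": "2024-05-01T11:00:00Z", "agent.id": "a1", "host.name": "web-01", "host.os.name": "Windows"},
    {"@timestamp": "2024-05-01T10:30:00Z", "agent.id": "b2", "host.name": "db-01", "host.os.name": "Linux"},
    {"@timestamp": "2024-05-01T09:00:00Z", "agent.id": "b2", "host.name": "db-01-old", "host.os.name": "Linux"},
    {"@timestamp": "2024-05-01T12:00:00Z", "agent.id": "c3", "host.name": "dc-01", "host.os.name": "Windows"},
]


def _parse_ts(ts: str) -> datetime:
    # Elasticsearch emits RFC 3339 timestamps with a trailing Z.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def latest_per_agent(docs: Iterable[dict]) -> dict:
    """Collapse repeated metadata reports to one document per agent.id, keeping the newest."""
    latest = {}
    for doc in docs:
        agent_id = doc.get("agent.id")
        if not agent_id:
            continue  # a hit with no agent.id cannot be attributed to a host
        current = latest.get(agent_id)
        if current is None or _parse_ts(doc["@timestamp"]) > _parse_ts(current["@timestamp"]):
            latest[agent_id] = doc
    return latest


def endpoint_inventory(docs: Iterable[dict]) -> list:
    """Return a deduplicated inventory, one row per agent, sorted by host name for CSV export."""
    rows = [
        {"agent.id": a, "host.name": d["host.name"],
         "host.os.name": d.get("host.os.name", ""), "last_seen": d["@timestamp"]}
        for a, d in latest_per_agent(docs).items()
    ]
    return sorted(rows, key=lambda r: r["host.name"])


if __name__ == "__main__":
    import csv, sys
    rows = endpoint_inventory(SAMPLE_DOCS)
    writer = csv.DictWriter(sys.stdout, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
```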
