Elastic XDR - Removable Disk

Charles_Nkuna · June 21, 2024, 7:12am

Hi,

Does the Elastic XDR scan removable disk ?

lesio · June 21, 2024, 11:38am

It depends, as the name suggests Elastic Endpoint does Detection and Response, i.e. reacts to system activity. It doesn't proactively scan disk content. If you plugin a drive and execute something from it, Endpoint will scan the executable behind the scene.

If you're interested in scan response action, it's coming in v8.15.0

system · July 19, 2024, 11:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic XDR - Capabilities Elastic Security	3	192	June 19, 2024
SIEM and XDR Alerts Elastic Security	9	294	July 9, 2024
Endpoint Security Intergration vs. Windows and System Intergrations Endpoint Security	3	1094	March 9, 2022
Blocking Removable Media with Elastic Agent Elastic Security	2	224	April 3, 2024
How to test malware protection? Endpoint Security	3	1914	October 26, 2020

Elastic XDR - Removable Disk

Related topics