EndPoint Security

When I run a "virus" called EICAR on my Windows user, the endpoint launches an alert (prevent or detect), but I don't receive the alert on my Elasticsearch dashboard.
Any solution for this problem?


Sounds like the problem is this, but I already enrolled the endpoints (users) for these policies.
Any solution?

Any solution?

Hi @VitorBarroso

It sounds like Endpoint is unable to write to Elasticsearch. In Fleet, is the Agent in a healthy state? Does the rest of Elastic Agent work correctly? For instance, in Fleet if you select the relevant Agent then the Logs tab (next to the Agent details tab) do you see logs being streamed to Elasticsearch?

Assuming Agent is working properly and it's just the Endpoint integration that is failing, a first step is to test Endpoint's connection to Elasticsearch. To do that, on the host where you're testing with EICAR, as an Administrator, run the command `"c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" test output`. The output from that will hopefully give some indication of the problem.
