7.14 - when I go to a case, with an alert on it , and click to get the fly out, I'm not seeing an option to "Take Action" and isolate a host. Do you only see the "Take Action" button if there is a certain alert in the case (e.g. a Malware alert - I currently have a "malware prevention alert".
I also cant see "Take Action" when I go to Endpoints, but I think that might only be there in 7.15.
Basically I'm wanting to test isolation. How can I do that?
Thanks community
Billy
Hi @wmacleodstrath - thanks for using Elastic Security!
A couple initial questions for you -
Windows server 2016
No license - I'm on the free on prem stuff. This article says it's free, open and limitless Elastic Security 7.14: Limitless XDR protection | Elastic Blog so I wouldn't expect i would need to purchase a license for it.
thanks
FYI I'm also a Super User
and if I go via Endpoint - I do see the "Take Action" button but my only choices are:
view host details
view agent policy
view agent details
reassign agent policy
and if I look at the policy status I see "Successfully read host isolation configuration (disabled)"
I seem to be having the same issue aswell on v7.15.0
Thanks to @ BenB196 for pointing out (on another thread) that it does indeed look like a chargeable feature on this page Subscriptions | Elastic Stack Products & Support | Elastic despite many other pages referring to it as "free and open Limitless XDR"
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
