Response Action

Hi,
When I send an action query, for example "processes", on the response tab, I receive this error: "response action signature verification failed with error: signature could not be verified"

There's very little detail in this description, so we have to consider an issue on the Endpoint side or on the stack side. I'd suggest verifying the signing (stack side) first. Could you modify the Elastic Defend policy, change anything, un-check some event collection for example, and wait for it to be applied on that Endpoint? If it applies without issues then we're having a response action specific issue. Otherwise it'd suggest that signing at the stack side has changed.

In any case, changing the log level to Debug, repeating the experiment (change of policy, executing the action), and collecting a diagnostics zip will help us to see more.

How can I verify the signing (stack side)?

Could you modify the Elastic Defend policy, change anything, un-check some event collection for example, and wait for it to be applied on that Endpoint? If it applies without issues then we're having a response action specific issue. Otherwise it'd suggest that signing at the stack side has changed.

I'm sorry that it wasn't clear.

PS. Providing the stack and Elastic Defend versions always helps; there could have been known issues, for example. We will see all versions from the diagnostic zip bundle anyway.
