I have the agent running on some Linux servers and it generates about 15M process events within a 24-hour period. Is there a way to tune this, as it consumes a lot of storage with data that is not very useful?
Also, are there documents detailing the recommendations for detection rules?
Hi @Dan_Kennedy, there isn't currently a way to selectively disable Endpoint Security process events, but we do understand the pain you feel and appreciate your feedback to help us prioritize future improvements. I should say, I assume Endpoint Security was installed and process events were enabled, correct?