Elastic Endpoint Security

1. Head over to <COMPANY>.onelogin.com and log in with your provided credentials.     2. Click Accept from the 2FA app, OneLogin Protect.       3. You will now be able to log in to any service shown on your dashboard. Select your El...

Agent policies specify the Elastic Endpoint Security agent's behavior on each associated machine.  These policies allow for more granular control of each of the following: Malware protection Enable / Disable protection En...

These steps outline defining a new detection rule for Elastic Security.  Rules are: based on a list of parameters targeted at collected data ran periodically based on a user-defined schedule  can optionally take an automated action when tri...

Host isolation allows you to isolate hosts from your network, blocking communication with other hosts on your network until the host is released. Isolating a host helps respond to malicious activity or prevent potential attacks, as it prevent...

Retrieve Install Command Login to Elastic using the article here . Click the three line icon in the upper left hand corner and then navigate to Fleet. Click add agent Select the appropriate Agent Policy from the drop down ...

The Elastic dashboard is an incredibly versatile tool for displaying data in a dynamic and visual format. This page will provide a basic breakdown of the dashboard creation screen and a simple example. Accessing the Dashboards From the navigation...

This article will explain how to create a rule in Elastic Security to detect behavior associated with the Follina 0-day exploit, specifically to detect instances of the Microsoft Diagnostic Tool spawning from Microsoft Office processes. This rule wi...